With our latest Android and iOS apps (both v4.3.1), SIGNL4 supports login with a Microsoft Entra ID account based on Microsoft's MSAL (Microsoft Authentication Library). MSAL delegates the sign-in to an authentication broker on the device: the Microsoft Authenticator app on iOS or the Intune Company Portal app on Android. Because the broker knows the device's registration with Entra ID, it can pass additional device information, such as the device ID, to Entra ID during login.
This is what allows Conditional Access policies in Entra ID to be applied to SIGNL4 logins. With a policy that requires a compliant device, Entra ID evaluates the transmitted device ID against its compliance state and blocks sign-ins from "non-compliant" devices (https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-compliant-device).
Previously, our Entra ID login was not based on MSAL, so no device ID was ever sent. Without a device ID, Entra ID could not recognize the device, so a compliant-device policy always treated it as non-compliant and sign-in was impossible. In practice, tenants had to exclude SIGNL4 from such policies, which led to compliance problems for I-SEC depending on how the data processed in SIGNL4 was classified.
Exclusions of this kind are no longer necessary, and it can now be ensured that Entra ID login to SIGNL4 only works from managed, compliant company devices. Combined with the option to disable SIGNL4's own built-in login as an identity provider, so that Entra ID is the only way to sign in, this gives a high level of security and compliance with I-SEC guidelines.
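A Conditional Access policy of the kind described above, expressed with the Microsoft Graph PowerShell module. This is an added example for this page and is not SIGNL4's or Microsoft's own code. It assumes the Microsoft.Graph module is installed and that you have an account with the Conditional Access Administrator role; the application ID of the SIGNL4 enterprise application and the ID of the user group to scope the policy to are placeholders that you must look up in your own tenant.

```powershell
# Added example: Conditional Access policy that requires a compliant device
# for the SIGNL4 mobile apps. Not part of the original page; all IDs are
# placeholders (assumption) that must be replaced with values from your tenant.

# Scopes needed to read and write Conditional Access policies.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

# Placeholder identifiers (assumption): find the application ID under
# Enterprise applications > SIGNL4 > Overview, and the group ID under Groups.
$signl4AppId  = "00000000-0000-0000-0000-000000000000"
$pilotGroupId = "11111111-1111-1111-1111-111111111111"

$policy = @{
    displayName = "SIGNL4 mobile: require compliant device"
    # Start in report-only mode so the effect can be checked in the sign-in
    # logs before anyone is actually blocked; switch to "enabled" afterwards.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        applications   = @{ includeApplications = @($signl4AppId) }
        users          = @{ includeGroups       = @($pilotGroupId) }
        # Only the native iOS/Android apps sign in through the MSAL broker.
        platforms      = @{ includePlatforms    = @("iOS", "android") }
        clientAppTypes = @("mobileAppsAndDesktopClients")
    }
    grantControls = @{
        operator        = "OR"
        # The device ID sent by the broker is matched against Intune/Entra
        # compliance state; devices without a known ID fail this control.
        builtInControls = @("compliantDevice")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Confirm the policy exists and is still in report-only state.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State
```

After a test login from a managed phone, open the corresponding entry in the Entra ID sign-in logs: the device information of that sign-in should now carry a device ID and a compliance state, and the report-only result of the policy should show "Success" rather than "Failure". Only then change `state` to `enabled`, and keep a break-glass account excluded from the policy as Microsoft's documentation recommends.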