This page explains how to optimize the inWebo Azure AD integration for client applications (mobile apps and desktop clients) and for web applications.

To get more information about inWebo Azure AD connector, please read this documentation → Microsoft Azure AD connector.

 

To get the best user experience from the inWebo Azure AD connector, choose the authentication method according to the application type (client application or web application). For client applications (mobile apps and desktop clients), we do not recommend the Virtual Authenticator (VA) authentication method. Examples of client apps: Outlook for Windows/iOS/Android, Teams, the native iOS/Android mail client.

The VA authentication method enrolls a web browser. When VA is used from a client application, the "browser" that gets enrolled is actually the WebView embedded in that application. This has two consequences:

→ how the WebView evolves (the browser engine it emulates, its compatibility, its version) is decided by the application and is not documented, so the enrollment cannot be relied on across application updates.

→ an enrollment made from one client application is not necessarily reusable from another application, so each application has to be enrolled separately.

What are the recommendations?

To get the best performance from the inWebo Azure AD connector on both client and web applications, we recommend that you:

  1. In the inWebo platform, create two Azure AD connectors (each with its own associated secure site):

    1. one for the client applications, configured to work with the inWebo Authenticator App (push),

    2. one for the web applications, configured to work with Virtual Authenticator,

    3. because Azure AD rejects a second custom control with the same name and ID as a duplicate, manually edit the Access Controls name and ID in one of the two JSON files
      (from RequireInWeboMfa to a custom name), e.g.:  "Id": "RequireInWeboMfa_2", "Name": "RequireInWeboMfa - 2nd Control"

  2. In Azure AD interface:

    1. create two custom controls, each with the JSON code retrieved from its connector.

    2. create two Conditional Access policies, each configured for its connector (client apps or web apps).

To sum up, you need two configurations: one for client apps and one for web apps. The goal is to apply a different authentication scenario depending on the application type (client app or web app). The next section gives the procedure to follow.

How to proceed?

The procedure below gives the specific settings for each use case. The full, general procedure is available in this documentation → Microsoft Azure AD connector.

For web apps

Step 1: create an Azure AD connector and set it to work with Virtual Authenticator (VA).

Step 2: create a new custom control and paste the JSON code retrieved in the connector settings.

Step 3: create a new policy and configure it with the following parameters:

  • In the conditions settings, set the Client apps parameter to “Browser” only, so that sign-ins from client applications never match this policy.

  • In Grant settings, select the custom control created in Step 2 for this (VA) connector.

For client apps

Step 1: create an Azure AD connector and set it to work with inWebo Authenticator App.

Step 2: create a new custom control and paste the JSON code retrieved in the connector settings.

Step 3: create a new policy and configure it with the following parameters:

  • In the conditions settings, set the Client apps parameter to “Mobile apps and desktop clients” only, so that browser sign-ins never match this policy.

  • In Grant settings, select the custom control created in Step 2 for this (push) connector.
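The following script is an added example, not inWebo's or Microsoft's code: it applies the whole procedure above offline (rename the second custom control, build one policy per application type) and checks the result for the collisions the page warns about before anything is pasted into Azure AD. It assumes that the JSON retrieved from a connector is an object with at least "Id" and "Name" keys (other keys are passed through unchanged), and that the policy bodies follow the Microsoft Graph conditionalAccessPolicy shape, where a custom control is referenced by its Id in grantControls.customAuthenticationFactors and the "Client apps" condition is conditions.clientAppTypes ("browser", "mobileAppsAndDesktopClients"). The sample control JSON is constructed; the policy display names are placeholders.

```python
import copy
import json

# Constructed stand-ins for the JSON retrieved from the two connectors' settings.
# Both exports carry the same default Id/Name, which is exactly the duplicate
# that Azure AD rejects. "Description" is a placeholder for the other fields.
VA_CONTROL_JSON = json.dumps({
    "Id": "RequireInWeboMfa",
    "Name": "RequireInWeboMfa",
    "Description": "constructed placeholder (web apps, Virtual Authenticator)",
})
PUSH_CONTROL_JSON = json.dumps({
    "Id": "RequireInWeboMfa",
    "Name": "RequireInWeboMfa",
    "Description": "constructed placeholder (client apps, inWebo Authenticator App)",
})


def unedited_controls() -> list:
    """The two exports as retrieved, before any manual edit."""
    return [json.loads(VA_CONTROL_JSON), json.loads(PUSH_CONTROL_JSON)]


def rename_control(control_json: str, new_id: str, new_name: str) -> dict:
    """Copy of the control with Id and Name replaced; every other key is kept as-is."""
    control = json.loads(control_json)
    if "Id" not in control or "Name" not in control:
        raise ValueError("custom control JSON must contain Id and Name")
    renamed = copy.deepcopy(control)
    renamed["Id"] = new_id
    renamed["Name"] = new_name
    return renamed


def build_policy(display_name: str, control_id: str, client_app_types: list) -> dict:
    """Conditional Access policy body requiring one custom control for the given client app types.

    Created in report-only state so the split can be checked in the sign-in
    logs before it is enforced (assumed Graph schema, see lead-in).
    """
    return {
        "displayName": display_name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": list(client_app_types),
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": [],
            "customAuthenticationFactors": [control_id],
        },
    }


def check_setup(controls: list, policies: list) -> list:
    """Return the list of problems; an empty list means the two-connector setup is consistent."""
    problems = []
    ids = [c["Id"] for c in controls]
    names = [c["Name"] for c in controls]
    if len(set(ids)) != len(ids):
        problems.append(f"duplicate custom control Id: {ids}")
    if len(set(names)) != len(names):
        problems.append(f"duplicate custom control Name: {names}")

    used_controls = []
    seen_types = set()
    for p in policies:
        refs = p["grantControls"].get("customAuthenticationFactors", [])
        if len(refs) != 1 or refs[0] not in ids:
            problems.append(f"policy {p['displayName']!r} must reference exactly one known control, got {refs}")
        used_controls.extend(refs)
        # Two policies matching the same client app type would both apply to one
        # sign-in, which defeats the purpose of the split.
        types = set(p["conditions"]["clientAppTypes"])
        if "all" in types or types & seen_types:
            problems.append(f"policy {p['displayName']!r} overlaps another policy's client app types: {sorted(types)}")
        seen_types |= types
    if len(set(used_controls)) != len(used_controls):
        problems.append("the same custom control is bound to more than one policy")
    return problems


def plan(va_control_json: str = VA_CONTROL_JSON, push_control_json: str = PUSH_CONTROL_JSON):
    """Apply the recommendation: keep the VA control, rename the push control, one policy per app type."""
    web_control = json.loads(va_control_json)
    client_control = rename_control(push_control_json, "RequireInWeboMfa_2", "RequireInWeboMfa - 2nd Control")
    policies = [
        build_policy("inWebo MFA - web apps (VA)", web_control["Id"], ["browser"]),
        build_policy("inWebo MFA - client apps (push)", client_control["Id"], ["mobileAppsAndDesktopClients"]),
    ]
    return [web_control, client_control], policies


if __name__ == "__main__":
    print("before edit:", check_setup(unedited_controls(), []))
    controls, policies = plan()
    print("after edit:", check_setup(controls, policies) or "OK")
    for item in controls + policies:
        print(json.dumps(item, indent=2))
```

Run it once on the real exports (replace the two constructed JSON strings with the connector output) and paste the printed control bodies into the two custom controls; the printed policy bodies show which control each policy must select and which single Client apps value each must be restricted to.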

 

As indicated previously, the full procedure of Azure AD connector configuration is available here → Microsoft Azure AD connector.