Admin Documentation

Welcome to the easyauth.ch admin documentation. This guide will help administrators set up and manage the code card authentication system for their Microsoft Entra ID tenants.

Note: Please request the Postman example client from isolutions for a sample API client.

Step 1: Register the Multi-tenant Application

Connect-AzureAD -TenantId '<Target-tenantId>'
New-AzureADServicePrincipal -AppId 'f7b8ae1b-ee0b-45da-9a98-64f903092dce'
        

Note: The application only requires delegated profile data of the user.

Step 2: Create an External Authentication Method

1. Create a Microsoft Entra ID security group for MFA and add a test user to this group.
2. Open the Security/Authentication methods/New external method and use the EAM Setup values:
   • Client ID: oidc-implicit-eam-mfa
   • Discovery Endpoint: https://easyauth.ch/.well-known/openid-configuration
   • App ID: f7b8ae1b-ee0b-45da-9a98-64f903092dce
3. Use the security group to apply the MFA.

Step 3: Get Admin Access Credentials

Required information:

• Tenant ID
• Test user from Microsoft Entra ID (email and OID)

Step 4: Validate Authentication

Use the test user code card to validate the authentication process: https://outlook.office.com

Step 5: Style the Login Screen

The login screen can be styled for each tenant.

Theming Options

• Image: Must be a PNG file, smaller than 256 KB. For best results, use a height of around 48 pixels and width around 200 pixels.
• Service Name: The service name displayed in the top right corner can be set.
• Login Text: Can be localized in French, German, Italian, and English.
• Button Color: The background color of the button can be customized.
• Show Code Card ID: The ID of each card can be displayed, useful for students with multiple cards.

Default Theme:

Example Theming: