When an external user account (one not belonging to ClearPeople) is invited to join ClearPeople's digital environment (Azure Active Directory tenant), the user has to follow a joining process that starts with receiving an invitation email and ends once the minimum security information is set up.
The security information requested during the joining process consists of details used to verify that the user is who they claim to be when signing in to ClearPeople's environment. The available validation mechanisms are known as Multifactor Authentication (MFA) methods. Some examples are:
- Microsoft Authenticator app
- SMS text to mobile phone
- A phone call to a phone number
The recommended MFA method is a mobile application named Microsoft Authenticator, which is available for Android and iOS. This application allows the user to authenticate with just one click, by accepting a push notification on the mobile phone.
While the Microsoft Authenticator application is the most agile and safe authentication method, it is recommended to set up an alternative method to be used in case your mobile phone is replaced with a new one. However, as can be seen in the last screenshot of the section "Setup MFA through Microsoft Authenticator" below, there is no way to set up an additional MFA authentication method once the Microsoft Authenticator app is configured. In addition, guest users cannot use the standard method available to internal ClearPeople users. The section "How a guest user can add additional MFA authentication methods" of this article provides the steps that external (guest) users can follow to set up additional MFA methods.
Setup MFA through Microsoft Authenticator
The process to set up MFA through Microsoft Authenticator is as follows:
- Accept the join invitation email:
- Accept the permissions required to read your email address, name and photo:
- Start the configuration of your MFA settings by clicking on "Next":
- Follow the instructions provided by the wizard:
- The completion of the setup process is reported with the following window:
How a guest user can add additional MFA authentication methods
Microsoft authentication uses the domain part of the email address to identify which organisation (Azure Active Directory) the user belongs to and tries to authenticate the user against that AAD. However, the authentication methods for the ClearPeople environment are located in ClearPeople's tenant and not in the organisation the external account belongs to. Thus, the standard procedure to add additional MFA authentication methods works only for the MFA methods located in the external organisation and not for the MFA methods in the ClearPeople tenant.
This section shows a procedure that allows external (guest) users to add or update their MFA settings at ClearPeople. Please note that each step must be strictly followed, as trying to browse directly to some URLs (without first going through the previous steps) will not work:
1.- Browse to:
https://account.activedirectory.windowsazure.com/?tenantid=ba4bb771-3da5-4ca3-ae29-bcf2d5763624&login_hint=my.email.address@external_company.com
Where "my.email.address@external_company.com" is the external user's email address.
After signing in, you will be automatically redirected to https://myapplications.microsoft.com
2.- On the top right corner, click on your account's image/acronym and then select "View account"
3.- Then go to "Security info" > "UPDATE INFO"
4.- Click on "Add method" to add new authentication methods:
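The step 1 link can also be generated per guest and checked before it is opened. The following is an added example, not part of the original article or ClearPeople's own tooling: it takes the host and tenant ID from the step 1 URL, and the function names and any addresses passed to it are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

PORTAL_HOST = "account.activedirectory.windowsazure.com"  # host from the step 1 URL
TENANT_ID = "ba4bb771-3da5-4ca3-ae29-bcf2d5763624"        # tenantid from the step 1 URL
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def build_guest_link(email, tenant_id=TENANT_ID):
    """Return the step 1 URL for one guest address (hypothetical helper)."""
    email = email.strip()
    if not GUID_RE.match(tenant_id):
        raise ValueError("tenant id is not a GUID")
    local, sep, domain = email.rpartition("@")
    if not (sep and local and "." in domain) or re.search(r"\s", email):
        raise ValueError("not an email address: %r" % email)
    # urlencode writes '+' as %2B; a raw '+' in a query string decodes as a space,
    # so a plus-addressed guest would otherwise get the wrong login_hint.
    query = urlencode({"tenantid": tenant_id, "login_hint": email})
    return "https://%s/?%s" % (PORTAL_HOST, query)


def check_guest_link(url, expected_email, tenant_id=TENANT_ID):
    """Return the problems found in a received link; an empty list means it matches."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # The hostname must match exactly, not merely start with the portal name.
    if parts.hostname != PORTAL_HOST:
        problems.append("unexpected host: %s" % parts.hostname)
    if params.get("tenantid") != [tenant_id]:
        problems.append("tenantid missing, repeated or for another tenant")
    hints = [value.lower() for value in params.get("login_hint", [])]
    if hints != [expected_email.lower()]:
        problems.append("login_hint does not match the invited address")
    return problems
```

An empty list from `check_guest_link` means the link uses HTTPS, points at the portal host from step 1, and carries the expected tenant and guest address.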