This article provides you with the steps to configure and utilize certificate-based authentication (CBA) for users of tenants in Office 365 Enterprise, Business, Education, and US Government plans. It assumes that you already have a public key infrastructure (PKI) and AD FS configured.

As an alternative, organizations can deploy Azure AD CBA without needing federation. For more information, see Overview of Azure AD certificate-based authentication against Azure Active Directory.

To configure CBA with federation, the following statements must be true:

- CBA with federation is only supported for Federated environments for browser applications, native clients using modern authentication, or MSAL libraries. The one exception is Exchange Active Sync (EAS) for Exchange Online (EXO), which can be used for federated and managed accounts. To configure Azure AD CBA without needing federation, see How to configure Azure AD certificate-based authentication.
- The root certificate authority and any intermediate certificate authorities must be configured in Azure Active Directory.
- Each certificate authority must have a certificate revocation list (CRL) that can be referenced via an internet-facing URL.
- You must have at least one certificate authority configured in Azure Active Directory. You can find related steps in the Configure the certificate authorities section.
- For Exchange ActiveSync clients, the client certificate must have the user's routable email address in Exchange Online in either the Principal Name or the RFC822 Name value of the Subject Alternative Name field. Azure Active Directory maps the RFC822 value to the Proxy Address attribute in the directory.
- Your client device must have access to at least one certificate authority that issues client certificates.
- A client certificate for client authentication must have been issued to your client.
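A pre-deployment check for two of the requirements above, added here as an illustration and not taken from the original page or from Microsoft: it reads the Principal Name and RFC822 Name values from a client certificate's Subject Alternative Name and lists the HTTP(S) CRL locations the certificate carries. It assumes the Python `cryptography` package; the function names, the `contoso.example` values and the self-signed sample certificate are constructed, and the check reads only the certificate, not what is configured in Azure Active Directory.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

UPN_OID = x509.ObjectIdentifier("1.3.6.1.4.1.311.20.2.3")  # Microsoft "Principal Name" otherName

def _ext(cert, oid):
    try:
        return cert.extensions.get_extension_for_oid(oid).value
    except x509.ExtensionNotFound:
        return None  # the certificate does not carry this extension

def check_client_cert(cert):
    """Report the SAN identities and HTTP(S) CRL URLs found in a client certificate."""
    san = _ext(cert, ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
    upns, emails = [], []
    if san is not None:
        emails = list(san.get_values_for_type(x509.RFC822Name))
        for other in san.get_values_for_type(x509.OtherName):
            der = other.value  # DER UTF8String: tag 0x0C, short-form length, bytes
            if other.type_id == UPN_OID and len(der) > 1 and der[0] == 0x0C and der[1] < 0x80:
                upns.append(der[2:2 + der[1]].decode("utf-8"))
    cdp = _ext(cert, ExtensionOID.CRL_DISTRIBUTION_POINTS) or []
    urls = [n.value for dp in cdp for n in (dp.full_name or [])
            if isinstance(n, x509.UniformResourceIdentifier)]
    # Locations such as ldap:// or file:// are not treated as internet-facing here
    http_urls = [u for u in urls if u.lower().startswith(("http://", "https://"))]
    return {"upn": upns, "rfc822": emails, "http_crl_urls": http_urls,
            "identity_ok": bool(upns or emails), "crl_ok": bool(http_urls)}

def upn_name(upn):
    """Build a SAN otherName carrying a UPN (constructed sample data, short values only)."""
    raw = upn.encode("utf-8")
    return x509.OtherName(UPN_OID, b"\x0c" + bytes([len(raw)]) + raw)

def build_sample_cert(san_names, crl_urls):
    """Constructed self-signed certificate used only as sample input."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "constructed-sample")])
    points = [x509.DistributionPoint([x509.UniformResourceIdentifier(u)], None, None, None)
              for u in crl_urls]
    return (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(datetime.datetime(2024, 1, 1))
            .not_valid_after(datetime.datetime(2025, 1, 1))
            .add_extension(x509.SubjectAlternativeName(san_names), critical=False)
            .add_extension(x509.CRLDistributionPoints(points), critical=False)
            .sign(key, hashes.SHA256()))
```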