SAS PCE as an External MFA in Microsoft Entra ID
Integrating SafeNet Authentication Service Private Cloud Edition (SAS PCE) with Entra ID enables customers with Entra ID to use SAS PCE as an external multi‑factor authentication (MFA) provider through SafeNet Access Exchange (SAE). In this configuration, Entra ID acts as the primary identity provider while delegating MFA requirements to SAS PCE.
External MFA enables Entra ID to delegate the second authentication factor to SAS PCE for access to protected resources or applications. Entra ID defines both the required authentication strength and the methods that SAS PCE must enforce.
When a user attempts to access a resource, Entra ID first validates the primary authentication method (for example, a password). The user is then redirected to SAS PCE to complete the additional authentication step using supported methods (such as MobilePASS+ or GrIDsure).
Authentication Flow
The image below illustrates the user authentication flow.
Integration — SAS PCE as external MFA with Entra ID
Before you start integrating SAS PCE as external MFA with Entra ID, you need to complete specific prerequisites.
Integrating SAS PCE as external MFA with Entra ID is a three-step process:
