
Conditional Access

You may wish to restrict user access to the Pia Partner Portal to a specific location using geolocation filtering or IP whitelisting. To do this, you can use a Microsoft Conditional Access policy in your Azure AD subscription.

Before starting, please be aware that you should:

  • Have experience with configuring Azure Conditional Access policies. A misconfigured Conditional Access policy can lock you and your users out of the system.
  • Purchase the appropriate Office 365 licenses for your staff to enable the use of Conditional Access policies within your Office 365 subscription.

Follow the instructions below to configure this:

  1. Navigate to https://portal.azure.com
  2. In the search bar, find Azure AD Conditional Access.
  3. Select "New Policy".
  4. Give the new policy a name.
  5. Select "Users or workload identities" and pick the "All Users" option or a group whose access to Pia you wish to restrict.
  6. Select the "Cloud apps or actions" option.
  7. Click "Select Apps" under "Include".
  8. Search for "Pia.Customer". Only one option should appear (note that you must have authenticated to the Pia Partner Portal at least once for this to appear).
  9. Click "Select".
  10. Click the "Conditions" option. Here you can define the conditions your users must meet before they can authenticate to Pia, such as Location (geolocation or IP address) or Device Platforms (i.e. only Intune-managed devices). For more information about configuring conditions, refer to this article: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions

Once you have completed the above configuration, double-check it before you enable the policy. You may also wish to use Microsoft's "Report Only" feature first to confirm that the policy does not cause authentication issues for your users.


Set "Enable Policy" to "On" and click "Create", and you are done!

Test the policy by opening your Pia Partner Portal while not meeting one of the conditions you have set. You will see a message from Microsoft stating that you are unable to authenticate to the portal.
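
The same policy can also be created with Microsoft Graph PowerShell instead of the portal. This is an added example, not a script from Pia or Microsoft: it assumes the Microsoft.Graph module is installed, uses an IP-based location condition, and creates the policy in report-only state. The CIDR range, the emergency-access account ID and the display names are placeholders to replace with your own values.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module and an admin
# who can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

# Step 8: resolve the Pia app. It only exists in the tenant after someone has
# authenticated to the Pia Partner Portal at least once.
$app = @(Get-MgServicePrincipal -Filter "displayName eq 'Pia.Customer'")
if ($app.Count -ne 1) { throw "Expected exactly one 'Pia.Customer' app, found $($app.Count)." }

# Placeholders (assumptions, not values from this page): replace before running.
$allowedCidr  = '203.0.113.0/24'                        # documentation range, not a real office network
$breakGlassId = '00000000-0000-0000-0000-000000000000'  # object ID of an emergency-access account

# Named location that holds the IP range users are allowed to sign in from.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Pia allowed network'
    isTrusted     = $false
    ipRanges      = @(@{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $allowedCidr })
}

# Block sign-in to Pia from every location except the named location above.
# Excluding one emergency-access account guards against the lockout risk noted earlier.
$policy = @{
    displayName   = 'Pia Partner Portal - block outside allowed network'
    state         = 'enabledForReportingButNotEnforced'   # report-only; 'enabled' enforces it
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('All'); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @($app[0].AppId) }
        locations      = @{ includeLocations = @('All'); excludeLocations = @($location.Id) }
    }
    grantControls = @{ operator = 'OR'; builtInControls = @('block') }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Review the report-only results in the Azure AD sign-in logs before changing the policy state to enabled.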