docs Entra EAM
Launch Nametag Get help

Entra ID External Authentication Method

Introduction

Nametag can be used as an Entra ID Multifactor Authentication Method. This guide will walk you through the steps to set up Nametag as an MFA provider for your Entra ID tenant.

Prerequisites

Before you begin, you will need the following:

  • An active Entra ID directory with at least a Microsoft Entra ID P1 license.
  • A Nametag account with an active subscription and Admin permission.

Create an Entra ID directory

If you don’t already have an Entra ID integration configured in Nametag, you’ll need to establish one.

  1. Sign in to the Nametag Console
  2. Navigate to Configure > Directories.
  3. Click Add a directory and choose Microsoft Entra ID.
  4. Click Connect to Microsoft Entra ID and accept the permissions requested for Nametag.

Configure Authentication Policy in Nametag

  1. Navigate to Configure > Directories and select the directory you want to configure.
  2. In the External authentication method rules section, choose a policy for account binding. For more information about configuring binding policies see this document.
  3. Note the Directory ID for the directory you just configured. You will need this value when setting up the external authentication method in the Entra admin center.

Create an External Authentication Method

  1. Sign in to the Microsoft Entra admin center.

  2. Navigate to Protection > Authentication methods.

  3. Click Add external method*.

  4. Provide the following information:

    • Name: Nametag
    • Client ID: DIRECTORY_ID (from the previous step)
    • Discovery Endpoint: https://nametag.co/entra/eam
    • App ID: ae2a2b18-026e-4a6d-aab0-5bec8e9fbc11

  5. Click Request permission and accept the permissions requested for Nametag.

  6. Set Enable to On.

  7. Click Save.

Testing Authentication

  1. In an incognito / private browsing window, navigate to a URL that requires multi-factor authentication, for example https://entra.microsoft.com.

  2. Enter your email address and password.

  3. You will be prompted to select an authentication method. Choose Approve with Nametag.

  4. Scan the Nametag QR code and verify your identity.

  5. Once the Nametag identity verification completes, your browser will automatically return to the Entra login view and you will be prompted with “Stay signed in?”. The authentication process is now complete.