docs Entra ID EAM
Launch Nametag Get help

Entra ID External Authentication Method

Introduction

Nametag can be used as an Entra ID multifactor authentication method. This guide will walk you through the steps to set up Nametag as an MFA provider for your Entra ID tenant.

Prerequisites

Before you begin, you will need the following:

  • An active Entra ID directory with at least a Entra ID P1 license.
  • A Nametag account with an active subscription and Admin permission.

Create an Entra ID directory

If you don’t already have an Entra ID integration configured in Nametag, you’ll need to establish one.

  1. Sign in to the Nametag console
  2. Go to Configure > Directories.
  3. Select Add a directory and choose Entra ID.
  4. Select Connect to Entra ID and accept the permissions requested for Nametag.

Configure authentication policy in Nametag

  1. Go to Configure > Directories and select the directory you want to configure.
  2. In the External authentication method rules section, choose a policy for account binding. For more information about configuring binding policies see this document.
  3. Note the Client ID for the directory you just configured. You will need this value when setting up the external authentication method in the Entra ID console.

Create an external authentication method

  1. Sign in to the Entra ID console.

  2. Go to Protection > Authentication methods.

  3. Select Add external method

    Add external method

  4. Provide the following information:

    Name
    Nametag
    Client ID
    CLIENT_ID (from the previous step)
    Discovery Endpoint
    https://nametag.co/entra/eam
    App ID
    ae2a2b18-026e-4a6d-aab0-5bec8e9fbc11
    Add external method

  5. Select Request permission and accept the permissions requested for Nametag.

  6. Set Enable to On.

  7. Select Save.

Testing authentication

  1. In an incognito / private browsing window, go to a URL that requires multifactor authentication, for example https://entra.microsoft.com.

  2. Enter your email address and password.

  3. You will be prompted to select an authentication method. Choose Approve with Nametag.

    Configure external method

  4. Scan the Nametag QR code and verify your identity.

  5. After the Nametag identity verification completes, your browser will automatically return to the Entra ID sign in view and you will be prompted with “Stay signed in?”. The authentication process is now complete.