Strong, adaptable MFA is essential for safeguarding digital environments against increasingly sophisticated threats. Yet, according to Nexus, many organisations using Microsoft Entra ID have faced limitations when expanding their security strategies, as second-factor authentication was historically restricted to native Microsoft methods like Microsoft Authenticator.

This created a disconnect for organisations already invested in trusted identities and secure authentication frameworks. “Critical identity investments could not easily extend to Microsoft environments, adding complexity for IT teams and end users. As a result, the need for a more flexible, integrated MFA approach became increasingly urgent,” explains Olivier Dussutour, CEO and Head of the Workforce Identity at Nexus.

Microsoft’s External Authentication Method (EAM) changes the game

Microsoft’s External Authentication Method (EAM) addresses these challenges by enabling organisations to use trusted external identity providers (IdPs) for MFA in Entra ID. This advancement opens new opportunities to align authentication strategies with broader security frameworks such as NIS2, GDPR, and eIDAS while allowing users to authenticate through familiar, already-issued credentials.

By adopting external authentication, organisations can modernize their security posture without introducing new tools, retraining users, or compromising the consistency of user access across platforms.

Organisations using Smart ID can unify digital access across internal and external environments, reduce complexity, and maximize the value of their trusted credentials — all while maintaining operational simplicity.

As an external Identity Provider (IdP), Smart ID authenticates users and verifies their credentials during the Microsoft Entra login process. By supporting a wide range of authentication methods, Smart ID offers organisations the flexibility to tailor MFA according to operational needs and user preferences.

“This allows users to authenticate with secure credentials they already trust, such as smart cards, mobile PKI, or FIDO2 tokens, while maintaining a smooth, familiar experience across Microsoft services,” adds Mille Bessö, product manager at Nexus, emphasising the significance of the move.

In addition, Smart ID enables NFC-based authentication on shared mobile devices — a critical feature for high-assurance environments such as healthcare, government, and regulated industries. This flexibility ensures organisations meet stringent security requirements while maintaining a consistent and user-friendly access experience.

Extend security beyond MFA

Modern identity strategies require a comprehensive approach to access control, authorisation, and assurance. Smart ID provides the tools to manage access consistently across systems, users, and environments.

Unified access and authorisation

Beyond enabling MFA, Smart ID provides a centralized platform for secure login, single sign-on (SSO), and fine-grained access management.

“Organisations can enforce access policies based on a combination of authentication methods, user group membership, device type, network location, and time-based conditions, ensuring consistent security across hybrid environments while reducing administrative overhead,” says Mille Bessö, product manager at Nexus.

In addition to digital authentication, Smart ID supports physical access across workplaces, using the same trusted identities.

By customising and encoding the RFID component of issued smart cards or mobile credentials, organisations can use the same trusted identities for building access systems, secure printing, and other workplace services.

This digital and physical security consolidation simplifies administration, strengthens overall security policies, and creates a seamless user experience across all access points.

Trusted identities and flexibility

By integrating Smart ID with Microsoft Entra ID, organisations can combine the benefits of trusted, high-assurance identities with the flexibility needed to meet today’s evolving security and compliance requirements.

“Organisations already using Smart ID can extend its value even further, delivering seamless, secure authentication across Microsoft services and beyond, without adding user friction or complexity for IT teams,” concludes Olivier.