Bypass multi-factor authentication in Entra ID
In this topic, you will learn how to whitelist the IP addresses of Portnox™ Cloud services in Microsoft Entra ID so that you can bypass multi-factor authentication (MFA) when accessing Entra ID services.
Note: Microsoft Azure Active Directory has been renamed by Microsoft and is now called Microsoft Entra ID.
Note: You only need to complete this task if you turned on multi-factor authentication (MFA) in Microsoft Entra ID for the
policies that you use with Portnox Cloud.
- Open your Azure Portal dashboard.
-
In the Search resources, services, and docs field, start typing conditional
access, and then click on the Microsoft Entra Conditional Access entry listed
below.
-
In the left-hand side menu of the Conditional Access pane, click on the Named
locations option.
-
In the top menu, click on the + IP ranges location button.
-
In the New location (IP ranges) pane, in the Name field, enter a name for
the new range, and then click on the + button to add IP ranges. When done,
click on the Create button below.
In this example, we used the name Portnox Cloud but you can use any name you like.
-
If your instance uses the United States region for the Cloud RADIUS server, enter the following IP ranges:
- 13.92.154.121/32 (used for network authentication)
- 13.92.155.150/32 (used for AgentP enrollment)
-
If your instance uses the European region for the Cloud RADIUS server, enter the following IP ranges:
- 13.95.164.190/32 (used for network authentication)
- 104.40.220.180/32 (used for AgentP enrollment)
If your instance uses both regions, add all four IP ranges listed above.
-
-
In the left-hand side menu of the Conditional Access pane, click on the
Policies option.
-
Find the policy that you want to edit in the list of existing policies and click on its name.
Note: Select the policy that has multi-factor authentication enabled, where you need to bypass MFA to gain access to Portnox Cloud services.
-
In the pane for the selected policy, click on Select pane, select the IP range you just created, click on the
Select button, and then click on the Save button.
, and in the
- Optional:
If classic policies are configured, whitelist the IP addresses in classic policies, too.