Some organizations use conditional access [or equivalent features] in their identity providers [such as Entra ID (formerly known as Azure AD) and Okta] to restrict access to applications from only those devices that meet specific requirements. This restricted access may be based on criteria such as encryption, authentication, installed security products, OS versions etc.
In certain circumstances, it is necessary to bypass these conditional access restrictions to enable access to the Browser Extension. This occurs typically in BYOD use cases, when the Browser Extension is installed on computers that don't meet the corporate requirements that enable access to specified applications. In such circumstances, in order to allow users to login to the Browser Extension with their organizational credentials on their "unsanctioned" computers - and not be blocked, conditional access must be excluded for the Browser Extension.
For general information about configuring identity providers, see Identity Provider [IdP] Integration - SSO [ABS].
Bypassing Conditional Access in Entra ID
Follow this procedure to configure the Browser Extension as an excluded application for conditional access in Entra ID:
-
Open Entra ID.
-
Navigate to the Manage > "Enterprise applications" page.
-
Locate and select your Browser Extension enterprise application.
You may have used a different name for this application.
-
Select "4. Conditional Access."
-
Under Policy Name, select the conditional access policy that you want to modify.
-
In the Security Compliance page, click the ellipse icon to the right of your Browser Extension enterprise application, and then click Remove.
See also:
