Alert EnterpriseWiki

Conditional Access (Entra ID)

Authentication

Microsoft Entra ID's policy engine that gates authentication based on signals — user, device, location, application, risk level. Conditional Access lets the customer's identity admin express rules like "require MFA when accessing AE Guardian from outside the corporate network" or "block sign-in if the device is non-compliant" or "step up to phishing-resistant MFA for privileged users."

Requires Entra ID Premium P1 (basic policies) or P2 (risk-based policies with Identity Protection signals). Customers on the free Entra tier rely on Security Defaults instead, which apply a fixed policy across the whole tenant.

When AE Guardian is registered as an Enterprise Application in Entra ID and the customer has Conditional Access policies targeting it, all of those policies flow through automatically when users SSO into Guardian via microsoft-entra-id-sso. AE doesn't need to configure anything Conditional-Access-related; it inherits the customer's policy posture.

Okta's analogous concept is Sign-On Policy; PingFederate's is Authentication Policy / Selector chain.

What other systems call it

Per-vendor / per-standard terminology for this same concept.

SystemTerm / Notes
OKOktaSign-On Policy (the Okta analog)
MEMicrosoft Entra IDConditional Access (Entra Premium P1+) — policy engine for context-aware auth

Used by 3 connectors

Connectors in the catalog that reference this concept.

Azure SSO (legacy — superseded by Microsoft Entra ID SSO)
Microsoft
Microsoft Entra ID SSO
Microsoft
Microsoft Entra ID (formerly Azure AD)
Microsoft
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.