Conditional Access Policy is preventing login on MobileWMS


When using the AzureAD Authentication login method, a Conditional Access Policy can block logins from mobile devices.

To ensure this doesn't interrupt your logins, you can create a Named Location with the IP range that the mobile devices are assigned and then let sign-ins from that location through.

These are the steps needed to do that.


Log in to the Azure Portal, then navigate to Azure Active Directory > Security > Conditional Access > Named Locations.

  1. Click on ‘IP ranges location’ to add IPs, enter the name of the location, and mark it as a trusted location.

  2. Click on the ‘+’ button to add an IP address in CIDR format and click Add. To add more than one IP, click on the plus button again.

  3. Finally, click on Create and you will have your IP ranges and your location defined.

We have configured and shown the named location only for Canada. Adding an IP range for the USA or India follows the same procedure as shown above.
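The same named location can also be created through Microsoft Graph by POSTing an `ipNamedLocation` body to `/identity/conditionalAccess/namedLocations`. The script below is an added example, not part of the original article: it checks each CIDR before building that request body, since a trusted location that is too broad or uses private addresses weakens the policy. The display name, the sample ranges (documentation addresses) and the prefix limits are assumptions.

```python
import ipaddress
import json

# Ranges that never appear as a public egress address (RFC 1918, CGNAT, IPv6 ULA).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "100.64.0.0/10", "fc00::/7")]

def check_cidr(cidr, min_prefix_v4=24, min_prefix_v6=48):
    """Return a normalised CIDR string or raise ValueError.

    min_prefix_* are local policy limits (an assumption), not service limits.
    """
    # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
    net = ipaddress.ip_network(cidr.strip(), strict=True)
    if net.is_loopback or net.is_link_local or net.is_multicast:
        raise ValueError(f"{cidr}: not a usable egress range")
    if any(net.version == r.version and net.overlaps(r) for r in NON_PUBLIC):
        raise ValueError(f"{cidr}: private range; sign-ins arrive from the public egress IP")
    limit = min_prefix_v4 if net.version == 4 else min_prefix_v6
    if net.prefixlen < limit:
        raise ValueError(f"{cidr}: /{net.prefixlen} is broader than the /{limit} limit")
    return str(net)

def build_named_location(display_name, cidrs, trusted=True):
    """Build the Microsoft Graph ipNamedLocation body for a list of CIDRs."""
    ranges = []
    # The set drops duplicate entries; sorting keeps the output stable for review.
    for cidr in sorted({check_cidr(c) for c in cidrs}):
        kind = "iPv6CidrRange" if ":" in cidr else "iPv4CidrRange"
        ranges.append({"@odata.type": f"#microsoft.graph.{kind}", "cidrAddress": cidr})
    if not ranges:
        raise ValueError("a named location needs at least one range")
    return {"@odata.type": "#microsoft.graph.ipNamedLocation",
            "displayName": display_name, "isTrusted": trusted, "ipRanges": ranges}

if __name__ == "__main__":
    # Constructed sample: documentation ranges standing in for the site's egress IPs.
    body = build_named_location("MobileWMS - Canada",
                                ["203.0.113.0/24", "198.51.100.16/28"])
    print(json.dumps(body, indent=2))
```

Review the printed JSON before sending it, and use the public egress addresses of the network the devices connect through rather than their internal addresses.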

Conditional Access Policy:

Now that we have set up the named locations for the IP address, we will be configuring the conditional access policy. To create a new conditional access policy, log in and go to Azure Portal > Azure Active Directory > Security > Conditional Access > Policies.

To configure a conditional access policy, we need to define:

  • A name for the policy
  • The users the policy needs to be assigned to
  • The application on which the action will be performed
  • Conditions which will apply
  • Access Controls
    • Grant or Block Access
    • Session to configure the sign-in frequency and use app-enforced restrictions.

Note: Make sure that you do not assign the policy to all users and administrators at once. Always assign the policy to some users with no assigned roles first, and enable the policy in Report-only mode to test and make sure the policy works as expected. Otherwise, you have the potential to lock yourself out.

You can check out Microsoft's official Conditional Access documentation to learn more about all other components.