Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - Getting Started: MSP Onboarding Guide
  - Evo Authenticator Mobile App 5.1.x (iOS and Android)
  - Evo Supported Authentication Methods
Directory Integrations
- Environments
  - What type of Directory do I need?
  - Directory Integration: Entra ID (formerly Azure Active Directory)
  - Set up Evo on Active Directory (LDAP)
  - Sync with Google Workspace
  - Evo Cloud: Directory-As-A-Service Setup and Installation
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Advanced Configurations
  - How to protect Remote Desktop using Evo Security (RDP Support)
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
  - Deploying the Evo Agent using ConnectWise RMM
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
- MFA
  - Getting Started: Multi-Factor Authentication
  - Evo Secure Login for Windows / Troubleshooting Secure Login
- SSO/ SAML
  - What SAML integrations are available?
  - Passwordless Login
  - How do I add a rule for single sign-on (SSO) expiration
  - Identity Provider (IdP) Login
  - Connect Web Apps via SAML with Evo: Version 3
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Azure AD - Federating Microsoft 365 domain
  - WS-Federation integration for Office 365 login
  - Setting up SAML with Salesforce
  - Setting up SAML with Dropbox
  - Setting up SAML with Keeper
  - Setting up SAML with Box.com
  - Setting up SAML with Liongard
  - Setting up SAML with Auvik
  - Setting up SAML with Domotz
- Tech Elevation
  - Getting Started: Technician Elevation
  - Technician Elevation: Extended User Access Control session
  - Technician Elevation: Just-in-Time Accounts
  - Password Rotation with Evo
  - Local Admin Accounts
  - Web Accounts
- End User Elevation
  - Getting Started: End User Elevation
  - Usage Guide: End User Elevation
  - End User Elevation: Custom Branding
- Help Desk Verification
  - Getting Started: Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
- Agents
  - Windows Agent Deployment
  - LDAP Agent Settings Editor
  - macOS Agent Deployment
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Role-Based Permissions / List of Roles
- User & Directory Management
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account?
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - How do I manage my user licenses? (Billing and Administration)
Integrations
- PSA & Password Sync Integrations
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Integrating Evo with Halo PSA
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
- Microsoft EAM Integration
  - Microsoft EAM integration
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
- RADIUS Troubleshooting
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
  - Requesting a RADIUS Server in Evo / RADIUS Troubleshooting
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

Microsoft EAM integration

Last updated on October 9, 2025

Overview

This guide walks you through connecting Microsoft Entra ID’s External Authentication Method (EAM) with the Evo Portal, so your users can satisfy Microsoft’s MFA prompts using Evo’s authentication. Microsoft EAM integration will be set up on a per-directory basis.

Configuration

Locate the Integrations tab under Evo Admin

Navigate to Microsoft EAM and hit Configure

Once here you’ll be shown the list of Directories you have Microsoft EAM configured for. To select a new directory hit the +New on the top right

From here you will select the Directory you wish to Enable with Microsoft EAM and once selected hit Enable EAM on far right

Once here you’re going to be greeted with settings to bring over and configure in your Microsoft Entra ID ( Formerly Azure Active Directory ) application.

Setup Instructions:

Access Microsoft Entra Admin Center: Log in to your Entra ID tenant at https://entra.microsoft.com as a global administrator.

Navigate to Authentication Methods: Go to Authentication Methods → Policies.

Add External Method: Click + Add External Method.

Configure Method Details: Enter a descriptive name (e.g., "Evo MFA") - users will see this name during authentication. Copy and paste the Client ID from above Copy and paste the Discovery Endpoint from above Copy and paste the App ID from above

Grant Admin Consent: If you see "Request permission" instead of "Admin consent granted", verify the App ID is correct, then click the permission button and check "Consent on behalf of your organization" before accepting.

Configure User Targeting: Choose which groups should have access to this authentication method. By default, it applies to all users with MFA requirements. (If using EAM for Web Accounts, setup a group for the Web Accounts users and target that group)

Enable the Method in Entra: In Entra, below the fields toggle Enable from Off to On if you want to activate immediately.

Save Configuration: Click Save to create the Evo external authentication method.

Note: Microsoft Entra ID may take up to 10-15 minutes to apply new External Authentication Settings. If sign-ins fail during this time, try again shortly.

Microsoft EAM is now Configured!

If Microsoft keeps asking to set up another MFA method , there's a setting in azure you can disable to turn that off.

https://entra.microsoft.com/

Authentication Methods -> Registration Campaign -> Disable

Did this answer your question?

😞

😐

🤩

Evo Integration with ConnectWise How does the "MFA Status" toggle work?