Custom controls (preview)

Custom controls is a preview capability of Azure Active Directory. When using custom controls, your users are redirected to a compatible service to satisfy authentication requirements outside of Azure Active Directory. To satisfy this control, a user's browser is redirected to the external service, performs any required authentication, and is then redirected back to Azure Active Directory. Azure Active Directory verifies the response and, if the user was successfully authenticated or validated, the user continues in the Conditional Access flow.

Creating custom controls

Custom controls works with a limited set of approved authentication providers. To create a custom control, you should first contact the provider that you wish to use. Each non-Microsoft provider has its own process and requirements to sign up, subscribe, or otherwise become a part of the service, and to indicate that you wish to integrate with Conditional Access. At that point, the provider will give you a block of data in JSON format. This data allows the provider and Conditional Access to work together for your tenant, creates the new control, and defines how Conditional Access can tell whether your users have successfully performed verification with the provider.

Copy the JSON data and then paste it into the related textbox. Do not make any changes to the JSON unless you explicitly understand the change you're making. Making any change could break the connection between the provider and Microsoft and potentially lock you and your users out of your accounts.

The option to create a custom control is in the Manage section of the Conditional Access page.

Custom controls interface in Conditional Access

Clicking New custom control opens a blade with a textbox for the JSON data of your control.

New custom control

Deleting custom controls

To delete a custom control, you must first ensure that it isn't being used in any Conditional Access policy. Once complete:

  1. Go to the Custom controls list
  2. Click …
  3. Select Delete.
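
One way to run the pre-deletion check described above, as an added example that is not part of the original page: it scans Conditional Access policies exported as JSON from Microsoft Graph (`/identity/conditionalAccess/policies`) for references to a control ID in `grantControls.customAuthenticationFactors`. The control ID `ExampleProviderControl` and the policy data are constructed samples, and treating a policy in any state as "using" the control is a conservative assumption.

```python
import json

# Constructed sample shaped like a Microsoft Graph response from
# GET /identity/conditionalAccess/policies (trimmed to the fields used here).
SAMPLE_EXPORT = json.dumps({"value": [
    {"id": "p1", "displayName": "Provider check for admins", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "customAuthenticationFactors": ["ExampleProviderControl"]}},
    {"id": "p2", "displayName": "MFA or provider check",
     "state": "enabledForReportingButNotEnforced",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"],
                       "customAuthenticationFactors": ["ExampleProviderControl"]}},
    {"id": "p3", "displayName": "Block legacy auth", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["block"],
                       "customAuthenticationFactors": []}},
    {"id": "p4", "displayName": "Session-only policy", "state": "disabled",
     "grantControls": None},
]})


def policies_using_control(export_json, control_id):
    """Return one record per policy whose grant controls reference control_id."""
    findings = []
    for policy in json.loads(export_json).get("value", []):
        grant = policy.get("grantControls") or {}  # null for session-only policies
        custom = grant.get("customAuthenticationFactors") or []
        if control_id not in custom:
            continue
        others = list(grant.get("builtInControls") or [])
        others += [c for c in custom if c != control_id]
        findings.append({
            "id": policy["id"],
            "name": policy.get("displayName", ""),
            "state": policy.get("state", "unknown"),
            # True when the custom control is the policy's only grant control,
            # so the policy has no grant requirement left once it is removed.
            "sole_grant": not others,
        })
    return findings


def safe_to_delete(export_json, control_id):
    """Assumption: any reference, even from a disabled policy, blocks deletion."""
    return not policies_using_control(export_json, control_id)


if __name__ == "__main__":
    for finding in policies_using_control(SAMPLE_EXPORT, "ExampleProviderControl"):
        print(finding)
```

Policies flagged with `sole_grant` need a replacement grant control before the custom control is removed from them.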

Editing custom controls

To edit a custom control, you must delete the current control and create a new control with the updated information.

Known limitations

Custom controls cannot be used with Identity Protection's automation requiring Azure Multi-Factor Authentication, with Azure AD self-service password reset (SSPR), to satisfy multi-factor authentication claim requirements, to elevate roles in Privileged Identity Manager (PIM), as part of Intune device enrollment, or when joining devices to Azure AD.
