--- title: Editing an application for Microsoft Entra ID external MFA description: Configure an OIDC application in PingOne to handle authentication requests from Microsoft Entra ID. component: pingone page_id: pingone:applications:p1_configure_oidc_application_microsoft_entra_eam canonical_url: https://docs.pingidentity.com/pingone/applications/p1_configure_oidc_application_microsoft_entra_eam.html revdate: March 10, 2025 --- # Editing an application for Microsoft Entra ID external MFA To connect PingOne as the external authentication provider for multi-factor authentication (MFA) *(tooltip: \
\

An electronic authentication method where a user is granted access only after presenting two or more verification factors for authentication.\

\
)* in Microsoft Entra ID, you must configure an OpenID Connect (OIDC) *(tooltip: \
\

An authentication protocol built on top of OAuth that authenticates users and enables clients (relying parties) of all types to request and receive information about authenticated sessions and users. OIDC is extensible, allowing clients to use optional features such as encryption of identity data, discovery of OpenID Providers (OAuth authorization servers), and session management.\

\
)* application to handle authentication requests from Entra ID. When a user attempts to access an application configured in Entra, the user authenticates first with Entra ID and then is redirected to a third-party MFA provider, such as PingOne, for second-factor authentication. You must also add a Microsoft identity provider (IdP) *(tooltip: \
\

A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\

\
)*. Learn more about configuring Entra ID as the IdP in [Setting up PingOne SSO and PingID as the external MFA provider for Microsoft Entra ID](../use_cases/p1_set_up_external_mfa_provider_microsoft_entra_use_case.html).