- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe to Topic
- Printer Friendly Page
Azure Multi-Factor Authentication Server sdk alternative option
We have a solution that uses the Azure Multi-Factor Authentication Server SDK to trigger a call or sms message to the register user. However, as of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. Now we need to integrate are solution with cloud-based Azure Multi-Factor Authentication, could we use the Microsoft Graph or any other way to trigger a call or sms if we provide the username. The solution does not require the client to authenticate, so based on the user's email, we need to trigger the call, sms or ask for Microsoft Authenticator code?
Thanks for all the help.
Development Platform & Tools
I think rather you would need to integrate the application you want to protect with AzureAD, so when authentication to an app is happing the respective MFA method is triggered via AzureAD.
Can you explain more about what kind of solution you have build? E.g. if the user does need to authenticate why trigger MFA?
Thank you JanoschUlmer for your response.
Basically, it is a self service password reset and account lockout that uses different MFA providers from different vendors including Azure MFA. That is why we were using the sdk for Azure MFA to do this integration. However, for new customers, they are not allow to download de server for Azure MFA. So, we need to register our application in Azure AD and them trigger call, sms or code validation by just supplying the user UPN o email.
I was just wondering if you had any luck finding a solution for this. We have the exact same requirement and looking for workarounds.
Well, Azure MFA can not be integrated with any other identity system then AzureAD - and AzureAD owns the account lockout, triggers MFA etc. Ability to integrate other MFA providers can happen with Conditional Access custom controls: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls
However, currently there is no way to trigger a MFA prompt by just supplying the UPN, it is required to authenticate (so UPN + password). There is feedback on having some kind if test trigger functionality already:https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160602
Also a solution might be to integrate directly in AzureAD using Graph (API).