Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

HarveyBz
Level 1 Contributor

Azure Multi-Factor Authentication Server SDK alternative option

We have a solution that uses the Azure Multi-Factor Authentication Server SDK to trigger a call or SMS message to the registered user. However, as of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. Now we need to integrate our solution with cloud-based Azure Multi-Factor Authentication. Could we use the Microsoft Graph or any other way to trigger a call or SMS if we provide the username? The solution does not require the client to authenticate, so based on the user's email, we need to trigger the call, SMS or ask for the Microsoft Authenticator code.

Thanks for all the help.

Harvey

4 REPLIES
JanoschUlmer
Microsoft

I think rather you would need to integrate the application you want to protect with AzureAD, so when authentication to an app is happening the respective MFA method is triggered via AzureAD.

Can you explain more about what kind of solution you have built? E.g. if the user does need to authenticate why trigger MFA?

Kind regards, Janosch (Note: Leaving role as of March 2023, don't expect further answers. Connect with me via LinkedIn: https://linkedin.com/in/janoschulmer)
HarveyBz
Level 1 Contributor

Thank you JanoschUlmer for your response.

Basically, it is a self-service password reset and account lockout that uses different MFA providers from different vendors including Azure MFA. That is why we were using the SDK for Azure MFA to do this integration. However, for new customers, they are not allowed to download the server for Azure MFA. So, we need to register our application in Azure AD and then trigger call, SMS or code validation by just supplying the user UPN or email.

gmatta
Visitor 1

Hi HarveyBz,

I was just wondering if you had any luck finding a solution for this. We have the exact same requirement and are looking for workarounds.

Best regards.

JanoschUlmer
Microsoft

Well, Azure MFA cannot be integrated with any other identity system than AzureAD - and AzureAD owns the account lockout, triggers MFA etc. Ability to integrate other MFA providers can happen with Conditional Access custom controls: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls

However, currently there is no way to trigger an MFA prompt by just supplying the UPN, it is required to authenticate (so UPN + password). There is feedback on having some kind of test trigger functionality already: https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160602

Also a solution might be to integrate directly in AzureAD using Graph (API).

Kind regards, Janosch (Note: Leaving role as of March 2023, don't expect further answers. Connect with me via LinkedIn: https://linkedin.com/in/janoschulmer)