Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Reply
Level 1 Contributor

Azure Multi-Factor Authentication Server sdk alternative option

We have a solution that uses the Azure Multi-Factor Authentication Server SDK to trigger a call or sms message to the register user. However, as of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. Now we need to integrate are solution with cloud-based Azure Multi-Factor Authentication, could we use the Microsoft Graph or any other way to trigger a call or sms if we provide the username. The solution does not require the client to authenticate, so based on the user's email, we need to trigger the call, sms or ask for Microsoft Authenticator  code?

 

Thanks for all the help.

 

Harvey

4 REPLIES 4
Microsoft

I think rather you would need to integrate the application you want to protect with AzureAD, so when authentication to an app is happing the respective MFA method is triggered via AzureAD.

 

Can you explain more about what kind of solution you have build? E.g. if the user does need to authenticate why trigger MFA? 

Kind regards,
Janosch
Level 1 Contributor

Thank you JanoschUlmer  for your response.

 

Basically, it is a self service password reset and account lockout that uses different MFA providers from different vendors including Azure MFA. That is why we were using the sdk for Azure MFA to do this integration. However, for new customers, they are not allow to download de server for Azure MFA. So, we need to register our application in Azure AD and them trigger call, sms or code validation by just supplying the user UPN o email.

Visitor 1

Hi HarveyBz,

 

I was just wondering if you had any luck finding a solution for this. We have the exact same requirement and looking for workarounds.

 

Best regards.

Microsoft

Well, Azure MFA can not be integrated with any other identity system then AzureAD - and AzureAD owns the account lockout, triggers MFA etc. Ability to integrate other MFA providers can happen with Conditional Access custom controls: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls

However, currently there is no way to trigger a MFA prompt by just supplying the UPN, it is required to authenticate (so UPN + password). There is feedback on having some kind if test trigger functionality already:https://feedback.azure.com/forums/169401-azure-active-directory?category_id=160602 

Also a solution might be to integrate directly in AzureAD using Graph (API).

Kind regards,
Janosch