Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Take the survey
Reply
brmeyer
Level 1 Contributor
‎08-28-2019 04:26 AM
Level 1 Contributor
‎08-28-2019 04:26 AM

Microsoft MFA + 3rd Party MFA in Parallel

Hello
I require some information regarding Microsoft MFA + 3rd Party MFA in Office 365.
I do apologise if this is a noob question or this question has already been answered.
 
Background:
I am in the process to switch the Microsoft MFA to a 3rd part MFA provider using SAML2 integration. From what I understand when changing to SAML2 it applies to the whole domain?
I currently have users making use of Microsofts MFA and I are trying to determine the impact the change of MFA providers might have on these existing users.
 
Questions: 
  1. When changing to a 3rd part MFA provider can we make use of both Microsoft MFA and the 3rd party integration?  
  2. If this is possible can we then define what MFA a user makes use of?
  3. Is there any additional configuration required from an Azure AD or Office 365 to enable us to make use of both services.
  4. How will this impact user experience? (When logging into the organization's Office365 portal will the user then get a dropdown to select the MFA provider?)
  5.  If it's not possible to make use of Microsoft MFA and a 3rd part MFA provider in parallel, what would be the recommended implementation to limit the impact on the existing users? Do we disable Microsoft MFA for them and then get them migrated over?

I hope someone can help me?

Thanks in advance.

Labels:
0 Kudos
1 ACCEPTED SOLUTION
idwilliams
Moderator
‎08-30-2019 08:42 AM
Moderator
‎08-30-2019 08:42 AM

@brmeyer you cannot use Azure MFA and third-party MFA solution for an account at the same time. Under most circumstances you are federating a domain with the third-party solution, so any authentication request for an account that is associated with that domain will be using the third-party solution. If you want to use Azure MFA, then you will need to use a cloud identity. Note that Azure MFA Server can integrate with ADFS, but that involves federation so it is similar the third-party scenario.

View solution in original post

2 REPLIES 2
idwilliams
Moderator
‎08-30-2019 08:42 AM
Moderator
‎08-30-2019 08:42 AM

@brmeyer you cannot use Azure MFA and third-party MFA solution for an account at the same time. Under most circumstances you are federating a domain with the third-party solution, so any authentication request for an account that is associated with that domain will be using the third-party solution. If you want to use Azure MFA, then you will need to use a cloud identity. Note that Azure MFA Server can integrate with ADFS, but that involves federation so it is similar the third-party scenario.

brmeyer
Level 1 Contributor
‎09-02-2019 05:37 AM
Level 1 Contributor
In response to idwilliams
‎09-02-2019 05:37 AM

@idwilliams thank you for the reply.

I suspected the 3rd party MFA federation to the domain will not allow both to work in parallel. 

 

Thanks for the feedback. 

0 Kudos
Follow Us
    Share