MIM2016: Using Azure MFA Mobile App Auth in authorization workflows

This is a follow-up post to my article regarding Azure MFA used in an authorization workflow for MIM 2016. You can get some details on the scenario from that post.

As a limitation the Azure MFA SDK can only be used for Phone or SMS (one-way, two-way) authentication but not with the mobile app method. That’s because of mobile app uses a Web Service to get messages pushed and this one needs to be implemented with MFA-Server.

But I find it a neat solution to have an authorization task for an approval of group membership with using the mobile app. There are a couple of things needed to get this working:

  • Azure MFA Server
  • Installation of Web Service SDK
  • Installation of Web Service for Mobile App
  • Public Trusted Certificate (or Self Signed for demo lab like I did)
  • Optionally: Azure MFA User Portal (For user registering mobile app with QR-Code)

I do not explain how to install these components because there is a lot of very good documentation out there. I used the following one which worked like charm:

https://4sysops.com/archives/azure-multi-factor-authentication-part-4-portals/

Read more of this post

Advertisements

MIM2016: Using Azure MFA in an Authorization Workflow with PowerShell

While thinking about Azure MFA and it’s usage in MIM for password reset or as authorization step when requesting a PAM role, I thought to myself, why not use this as an workflow activity in an authorization workflow. For example when requesting a group membership. Sadly you can not configure the OOB MFA activities that comes with MIM.

So why not doing it on my own, using the Azure MFA SDK. And I find out it’s quite simple so far.
This demo approves a member join to a group by Azure MFA with a phone call, you have to anser the call with a # to get into the group. The MobilePhone attribute of your MIM Portal users have to be set to a valid number for this demo to work.
Read more of this post

%d bloggers like this: