MIM2016: Using Azure MFA Mobile App Auth in authorization workflows

This is a follow-up post to my article regarding Azure MFA used in an authorization workflow for MIM 2016. You can get some details on the scenario from that post.

As a limitation the Azure MFA SDK can only be used for Phone or SMS (one-way, two-way) authentication but not with the mobile app method. That’s because of mobile app uses a Web Service to get messages pushed and this one needs to be implemented with MFA-Server.

But I find it a neat solution to have an authorization task for an approval of group membership with using the mobile app. There are a couple of things needed to get this working:

  • Azure MFA Server
  • Installation of Web Service SDK
  • Installation of Web Service for Mobile App
  • Public Trusted Certificate (or Self Signed for demo lab like I did)
  • Optionally: Azure MFA User Portal (For user registering mobile app with QR-Code)

I do not explain how to install these components because there is a lot of very good documentation out there. I used the following one which worked like charm:

https://4sysops.com/archives/azure-multi-factor-authentication-part-4-portals/

Read more of this post

Advertisements
%d bloggers like this: