Azure MFA Attribute

Hi,
Is it possible to read the strongAuthentication or strongAuthenticationRequirements attribute via the Azure connector? Or is there any other schema attribute in the Azure connector which can tell the MFA registration status of the user?

1 Like

Hey @abhishek_chowdhury, thanks for posting this question. I am going to poke around internally for someone that has the answer to your question.

1 Like

Hey @abhishek_chowdhury, someone from our India team should be able to provide an answer for you when they return tomorrow. Thanks for your patience!

1 Like

@abhishek_chowdhury Microsoft has not provided any API to get the MFA registration details for a user, so currently the connector is not able to provide these details. The only way currently to get these attributes is PowerShell commands, which can be found in this MS Post.

1 Like

The /beta/reports/credentialUserRegistrationDetails Graph API method allows you to query individual users to determine if they are MFA registered, enabled for SSPR, etc. Unfortunately it's not available on the get user method directly and requires a separate call. There isn’t a Graph API method yet that I’ve found that allows the MFA settings to be reset. Certain methods can be manipulated via the /beta/users//authentication/methods endpoint, but not everything yet.

2 Likes

We developed a separate connector to get the details and correlation based on the UPN to solve this use case.

1 Like
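As an added illustration of the two replies above (the separate reporting call and correlation on UPN), and not code from any poster or from the SailPoint connector: a Python sketch that pages through a response shaped like /beta/reports/credentialUserRegistrationDetails and maps each identity to an MFA registration status. The field names are assumed from the beta resource, the sample pages are constructed, and `get_page` is a hypothetical stand-in for an authenticated HTTP GET.

```python
import json

# Constructed sample pages shaped like the beta credentialUserRegistrationDetails
# response (assumed field names); a real client would GET each URL with a token.
PAGES = {
    "/beta/reports/credentialUserRegistrationDetails": json.dumps({
        "@odata.nextLink": "page2",
        "value": [
            {"userPrincipalName": "Alice@example.com", "isMfaRegistered": True,
             "isRegistered": True, "isEnabled": True, "authMethods": ["appNotification"]},
            {"userPrincipalName": "bob@example.com", "isMfaRegistered": False,
             "isRegistered": False, "isEnabled": True, "authMethods": []},
        ]}),
    "page2": json.dumps({
        "value": [
            {"userPrincipalName": "carol@example.com", "isMfaRegistered": True,
             "isRegistered": False, "isEnabled": False, "authMethods": ["mobilePhone"]},
        ]}),
}

def fetch_registration(get_page, url="/beta/reports/credentialUserRegistrationDetails"):
    """Follow @odata.nextLink paging and index every record by lower-cased UPN."""
    by_upn = {}
    while url:
        body = json.loads(get_page(url))
        for rec in body.get("value", []):
            upn = rec.get("userPrincipalName")
            if upn:
                by_upn[upn.lower()] = rec
        url = body.get("@odata.nextLink")
    return by_upn

def correlate(identity_upns, by_upn):
    """Map each identity UPN to a status; absent from the report means 'unknown'."""
    result = {}
    for upn in identity_upns:
        rec = by_upn.get(upn.lower())  # UPN comparison is case-insensitive
        if rec is None:
            result[upn] = "unknown"
        elif rec.get("isMfaRegistered") is True:
            result[upn] = "registered"
        else:
            result[upn] = "not_registered"
    return result

def mfa_status_report(identity_upns, get_page=PAGES.__getitem__):
    return correlate(identity_upns, fetch_registration(get_page))

if __name__ == "__main__":
    sample = ["alice@example.com", "BOB@example.com", "carol@example.com", "dave@example.com"]
    for upn, status in mfa_status_report(sample).items():
        print(f"{upn}: {status}")
```

Identities that do not appear in the report are returned as `unknown` rather than treated as registered, so a correlation miss cannot hide an account without MFA.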

Hi Abhishek. We got a request to auto-populate the mobile phone number into users’ Azure MFA, and I am interested in your solution. Would you be willing to share the details, if not the actual code? Thanks.

Hi,
I have used the web service connector and the Azure Graph API to build a connector to fetch the required info and populate an Identity attribute. If you have Postman REST APIs to update the phone, then it would be easy to translate Postman into a web service connector.
To keep it simple, name the application appropriately, as it will create an additional link on the Identity cube.
Thanks,
Abhishek

Thank you for replying so quickly. Looks like they added managing Azure MFA to the connector ootb at some point:

https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/mfa_management.html
https://documentation.sailpoint.com/connectors/microsoft/azure_ad/help/integrating_azure_active_directory/mfa_schema_attributes.html

4 Likes

Hi Farley,
Is this for IdentityIQ or IdentityNow?
