How do I get "Software OATH token" authentication method added to my AAD account (see screenshot)

Question

Dear all,

In AAD, I'm looking for a way to get the "Software OATH token (Preview)" authentication method, added to my account.

My colleague has managed it (as the following screenshot shows), but no-one seems to know how he's done it. Could someone please explain what I need to do to enable this?

I want to use "OAuth2.0 authentication" to connect to Dynamics.

Appreciate your kind assistance.

Answer 1

I have just come across this in my tenant while testing Azure MFA and SSPR (Self-Service Password Reset) with the Combined Registration Mode enabled and "Require Registration" enabled. When the users sign-in they prompted with "More information required" and then ran through the process to setup two MFA options for SSPR. The first step presented to the user is to setup the Microsoft Authenticator. In the step there is the option "I want to use a different authenticator app". The user chose that option and used the Google Authenticator app. When I reviewed the Authentication Methods for that user account I saw "Software OATH token (Preview)" as one of the Authentication methods.

I am working with MSFT on Azure MFA/SSPR to find out if this is actually supported since it is labeled "Preview" and preview features are typically not supported in a production environment.

So, setup Google Authenticator as your Authentication app for Azure MFA and you will be able to recreate "Software OATH token (Preview)" as an Authentication Method.

Answer 2

How I worked round this.

The reason I needed this (Software OATH token) was because, whenever I connected to Dynamics thru C#, I received an error "You are using Ws-Trust authentication which has been deprecated and no longer supported in your environment. Please use OAuth2.0 authentication".

So in the end I created an AAD "App Registration", then created a Dynamics "Application User" based in the App Registration. I then connected using that.

Appreciate you looking at this, @Andy David - MVP .

Regards to all.

Answer 3

It would need to be added following:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens

https://portal.azure.com/#blade/Microsoft_AAD_IAM/MultifactorAuthenticationMenuBlade/HardwareTokens/fromProviders/

Answer 4

Don't do it.......
it kicks off some serious bugs where users CANNOT use the apps correctly.

this was after May 10th update....

previously logging into ANY microsoft 365 program brought up a white page with "microsoft" at the top....
Well they changed the login and now some apps log in with a GREY small screen. (maybe because all the phising sites show THIS old page in their emails... & MS rushed out a half assed fix.)

net effect there is NO 2FA code behind those screens, so the effect is the apps will no longer auth the users , shutting down all the users email apps.
Because.. they only ask for the user name & the pw NOT the 2FA.....

I currently have a situation of mushrooming users being cut off.... as the licenses require refresh & login to reauth. the 365 licenses on the machines.

it is yet another example of MS rolling out feature accessible to users, then totally screwing the pooch....... on implementation.

Thanks MS....... nearly 4 days and STILL no solution.....

Answer 5

You could follow the procedure in this wiki guide;

https://wiki.deepnetsecurity.com/display/SafeID/How+to+set+up+SafeID+programmable+token+with+Google+2-Step+Verification

The procedure is for using programmable hardware tokens, but once you get to the QR code step you should then be able to use the QR code with your authentication app.