Enabling OTP-based authentication for a few external domains in a B2B setup

Raman Ahuja 0 Reputation points
2024-05-29T14:25:49.7133333+00:00

Hi,

I have a requirement wherein I have to stop the auto-federation feature of Azure and whitelist a few domains to use OTP-based authentication until I establish federation between the two Entra tenants.

I have tried multiple options but no luck so far. Has somebody faced this type of use case earlier?

Microsoft Security Microsoft Entra Microsoft Entra ID

1 answer

  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2024-05-29T22:56:49.1266667+00:00

    Hi @Raman Ahuja ,

    It is difficult to tell from your description at which step you are facing the issue, whether the OTP isn't triggering, any errors you receive, and what the users are trying to access. If you're using the free version of Entra, you can only configure a subset of MFA features by enabling security defaults. Otherwise you need Entra ID Premium P1 or P2 licenses.

    You also need to make sure the guest OTP is enabled under Email one-time passcode for guests > Yes. I'm not sure where the users are trying to authenticate in your case, but for SharePoint sites, you also need to make sure that you share the site with the external/guest users in order for the OTP to work and for the guest accounts to get added. (Settings > Site permissions > Invite people > Share site only).

    The article says, “Email OTP enables you to collaborate with anyone, no matter where they are in their cloud journey. If your partner organization is not yet in the cloud or in a hybrid environment, on-premises guests can simply sign in with email OTP instead of having to use cloud sync, federation, or another solution.”

    Note that email OTP authentication only exists for workforce tenants and not for external tenants.

    https://learn.microsoft.com/en-us/entra/external-id/one-time-passcode

    If you share more details about which steps you tried and where the OTP is failing, I would be able to better help troubleshoot.
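
The tenant-wide "Email one-time passcode for guests" toggle the answer refers to is backed by the email authentication method configuration in Microsoft Graph. The script below is an added example (not code from the thread or from Microsoft) that reads that setting, enables it only if it is not already enabled, and re-reads it to confirm. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can be granted the Policy.ReadWrite.AuthenticationMethod delegated permission; the Graph URI and the allowExternalIdToUseEmailOtp property are the documented v1.0 ones.

```powershell
# Added example, not part of the original Q&A thread.
# Assumes: Microsoft.Graph PowerShell SDK installed; signed-in user may consent to
# Policy.ReadWrite.AuthenticationMethod (needed for the PATCH below).
Connect-MgGraph -Scopes "Policy.ReadWrite.AuthenticationMethod"

# The email authentication method configuration holds the guest OTP switch.
$uri = "https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/email"

# Read the current value. Documented values for allowExternalIdToUseEmailOtp are
# "default" (service default applies), "enabled" and "disabled".
$current = Invoke-MgGraphRequest -Method GET -Uri $uri
"Current guest email OTP setting: {0}" -f $current.allowExternalIdToUseEmailOtp

if ($current.allowExternalIdToUseEmailOtp -ne "enabled") {
    # Set the value explicitly rather than relying on "default", so the tenant
    # state is unambiguous while the federation work is still in progress.
    $body = @{
        "@odata.type"                = "#microsoft.graph.emailAuthenticationMethodConfiguration"
        allowExternalIdToUseEmailOtp = "enabled"
    }
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType "application/json"

    # Re-read instead of trusting the empty 204 response from the PATCH.
    $after = Invoke-MgGraphRequest -Method GET -Uri $uri
    if ($after.allowExternalIdToUseEmailOtp -ne "enabled") {
        throw "Guest email OTP is still '$($after.allowExternalIdToUseEmailOtp)'; check the caller's role and permissions."
    }
    "Guest email OTP setting is now: {0}" -f $after.allowExternalIdToUseEmailOtp
}
else {
    "Guest email OTP is already enabled; nothing to change."
}
```

Two caveats worth keeping in mind when using this: the setting is tenant-wide, so it cannot by itself restrict OTP to a short list of domains, and email OTP is only chosen at redemption time for invitees who cannot be signed in through an existing Microsoft Entra or Microsoft account, so a guest from a domain that already resolves to an Entra tenant will still be sent to that tenant rather than to the OTP flow.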

