is it possible to get Azure AD authentication with Username and Password when we have multifactor authentication enabled

JA 131 Reputation points
2022-10-09T13:57:39.927+00:00

our requirement is to get an authentication Token to request ARM to provide an accessToken for a machine learning endpoint.

Its working fine with service principal account but now we want to do it for each user using their credentials.

So far I have tried with MSAL java SDK code to authenticate user using its credentials for the tenant and the registered client ID. but I get below error :

om.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
Trace ID: c61802d5-9d3e-4f85-a84c-78b8b47a8700
Correlation ID: 54d6c941-c8b1-4730-8cd3-989e3146ea38
Timestamp: 2022-10-09 13:27:01Z

ALso, I have tried with rest API as well, and I get same error :

248743-image.png
we have multifactor authentication enabled when we login to our azure account. So, is this error due to this?
And if yes, is there any way of bypassing it through code or MSAL library?

and what would be the best way to authenticate user in this case?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,634 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,813 questions
0 comments No comments
{count} votes

Accepted answer
  1. Vasil Michev 96,836 Reputation points MVP
    2022-10-09T15:01:29.807+00:00

    No, you cannot. As clearly stated in the ROPC flow documentation:

    If users need to use multi-factor authentication (MFA) to log in to the application, they will be blocked instead.

    The only way to bypass MFA requirements is to use legacy auth, which does not support MFA to begin with. For many of the same reasons, using the ROPC flow is highly discouraged.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful