How do I use the Authenticator App for 2FA in an AD tenant that I have created from an account in a different AD?

Jimmy Gunnarsson 0 Reputation points
2024-02-06T11:21:27.49+00:00

I have an account in my organization's AD. Let's call the AD 'Mother', and the account me@mother.com.

Signed in as this account, I have previously created another AD, let's call it 'Children'. Children is used to authenticate users in a system that is rarely used (a few times per year). The system uses the AD both from a SPA web app and from a backend API.

I've noticed that users in Children now require 2FA, due to the security defaults. When trying to log in to tweak these settings, I realize that my account (me@mother.com), which is the global administrator in Children, also needs 2FA in the Children tenant.

I have the Authenticator set up for 2FA for me@mother.com of course, but now I need to set it up for the account me@mother.com, but in the Children AD. If I just try to change to the Children AD in Entra, and log in as me@mother.com, my auth app does not get any request to authenticate.

I've tried to set up a new account in the Authenticator, like this:

  • Add account, Work or school account
  • Sign in, use another account, sign-in options
  • Sign in to an organization
  • enter children.onmicrosoft.com
  • sign in with me@mother.com
  • get prompted for 2FA, and authenticate with the (same) authenticator app
  • I now get prompted with "enter code" (from within the authenticator app). I can't reach the code in the app without closing this login screen.

How would I go about solving this? I'm considering getting a second phone so I can try having two different auth apps, but I would like to avoid it. All I want to do is get a second account set up in my existing auth app, so it can handle me logging in as me@mother.com in the Children tenant.
