How do I use the Authenticator App for 2FA in an AD tenant that I have created from an account in a different AD?
I have an account in my organization's AD. Let's call the AD 'Mother', and the account firstname.lastname@example.org.
Signed in as this account, I have previously created another AD, let's call it 'Children'. Children is used to authenticate users in a system that is rarely used (a few times per year). The system uses the AD both from a SPA web app and from a backend API.
I've noticed that users in Children now require 2FA, due to the security defaults. When trying to log in to tweak these settings, I realize that my account (email@example.com), which is the global administrator in Children, also needs 2FA in the Children tenant.
I have the Authenticator set up for 2FA for firstname.lastname@example.org of course, but now I need to set it up for the account email@example.com, but in the Children AD. If I just try to change to the Children AD in Entra, and log in as firstname.lastname@example.org, my auth app does not get any request to authenticate.
I've tried to set up a new account in the Authenticator, like this:
- Add account, Work or school account
- Sign in, use another account, sign-in options
- Sign in to an organization
- Enter children.onmicrosoft.com
- Sign in with email@example.com
- Get prompted for 2FA, and authenticate with the (same) authenticator app
- I now get prompted with "enter code" (from within the authenticator app). I can't reach the code in the app without closing this login screen.
How would I go about solving this? I'm considering getting a second phone so I can try having two different auth apps, but I would like to avoid it. All I want to do is get a second account set up in my existing auth app, so it can handle me logging in as firstname.lastname@example.org in the Children tenant.