Azure MFA with SharePoint and FBA

Kani 61 Reputation points
2020-11-20T00:08:05.46+00:00

We are searching for a solution to integrate Azure MFA with our SharePoint Forms-based authentication module. When I check the MSDN articles, I see the way to migrate users to Azure AD as guest users. The question I have is how to integrate or call Azure MFA once the user has been successfully authenticated by our Membership provider, before logging in to the site.

We use SharePoint 2016 and the OS version is Windows 2016 Server.

Thank you.


2 answers

  1. Echo Du_MSFT 17,316 Reputation points
    2020-11-20T06:42:27.183+00:00

    Hello @Kani ,

    **Unlike with AD FS in Windows Server 2012 R2, the AD FS 2016 Azure MFA adapter integrates directly with Azure AD and does not require an on premises Azure MFA server. The Azure MFA adapter is built in to Windows Server 2016, and there is no need for additional installation.**

    Article source: Configure Azure MFA as authentication provider with AD FS

    If using FBA in SharePoint 2016, you could configure the MFA Server to do post-authentication in the advanced settings. In that case, the MFA Server lets the application do its own primary auth and then evaluates the web response to see if the primary auth succeeded or failed. If it succeeded, it will perform MFA. You have to configure the post-auth settings to detect unique text within the web response that indicates primary auth success versus failure.

    Please refer to this article to use Form-Based IIS Authentication with Azure Multi-Factor Authentication Server:


    Thanks,
    Echo Du

    1 person found this answer helpful.
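
The post-authentication detection described in the answer above only works if the configured text appears in every successful login response and in no failed one. The following is an added example, not part of the thread and not MFA Server's own code, that checks candidate marker strings against sample responses; the `Response` type, the function names and the sample pages are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Response:
    """Constructed stand-in for the web response to a forms login POST."""
    body: str
    succeeded: bool  # ground truth: did primary (FBA) authentication succeed?


def marker_is_reliable(marker: str, samples: list[Response]) -> bool:
    """True only if marker is in every success response and in no failure response."""
    in_success = [marker in r.body for r in samples if r.succeeded]
    in_failure = [marker in r.body for r in samples if not r.succeeded]
    # Without at least one sample of each kind the check proves nothing.
    if not in_success or not in_failure:
        raise ValueError("need both success and failure samples")
    return all(in_success) and not any(in_failure)


def reliable_markers(candidates: list[str], samples: list[Response]) -> list[str]:
    """Filter candidate strings down to those safe to use as the success text."""
    return [m for m in candidates if marker_is_reliable(m, samples)]


# Constructed sample responses (assumption: captured from a test login form).
SAMPLES = [
    Response("<title>Home - Team Site</title><a id='so'>Sign Out</a>", True),
    Response("<title>Documents - Team Site</title><a id='so'>Sign Out</a>", True),
    Response("<title>Sign In</title><p>The server could not sign you in.</p>", False),
    Response("<title>Sign In - Team Site</title><p>Account locked.</p>", False),
]

if __name__ == "__main__":
    # "Team Site" is shared page chrome and "Home" is missing from one success page.
    for marker in ["Team Site", "Home", "Sign Out"]:
        verdict = "ok" if marker_is_reliable(marker, SAMPLES) else "ambiguous"
        print(f"{marker!r}: {verdict}")
```

Collect failure samples for every failure path (bad password, locked account, expired password), since a marker that leaks into any one of them makes the success check ambiguous.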

  2. Kani 61 Reputation points
    2020-11-21T13:30:48.243+00:00

    Thank you @Echo Du_MSFT for the answer. I guess the mentioned approach for "Configure Azure Multi-Factor Authentication Server for IIS web apps" is deprecated from July 2019 as it involves installing the MFA server.

