Authentication methods and Authentication Administrator Role

RT-7199 511 Reputation points

User with Authentication Administrator role is not able to view or delete assigned authentication methods. Are there any changes or limitations to this role for this work.

Privileged Authentication Admin is able to see or delete authentication methods.

And the definition is not available when I look to create a custom role.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,501 questions
0 comments No comments
{count} votes

Accepted answer
  1. akinbade abiola 8,300 Reputation points

    Hello RT-7199,

    Thanks for your question.

    Yes, there are differences between the Privileged Authentication Administrator and the Authentication Administrator. The authentication Admin can manage authentication methods hence can view assigned methods. So you should be able to view with that permission.

    Users with Authentication Administrator cannot do the following:

    • Cannot change the credentials or reset MFA for members and owners of a role-assignable group.
    • Cannot manage MFA settings in the legacy MFA management portal or Hardware OATH tokens.


    The specific differences are documented here.



    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. RT-7199 511 Reputation points

    @akinbade abiola Thanks for the reply.

    So does that mean if a user is a member of any role assignable group, Authentication Admin would not be able to reset/update their MFA.

    And Is there a custom role that can be created that would allow this for our service desk, without assigning them Privileged Authentication Admin role.

    0 comments No comments

  2. RT-7199 511 Reputation points
    0 comments No comments