MFA with web app. We use AZURE Active Domain

Reed, Davie 1 Reputation point
2020-11-25T08:30:02.547+00:00

We use IIS on Windows Server 2016. My web app works nicely.

We also use the MFA/2FA feature of the AZURE Active Domain system. Essentially, when a remote user tries to get into our servers via Remote Desktop, it will CALL the user's phone and they have to press "#" to continue. AZURE is making the call. Somehow it's integrated with our on-prem domain controller and our RADIUS server.

I would LIKE to have my web app use the MFA capabilities of AZURE to call the user and validate them, just like the Remote Desktop connection does. So the server-side code of my web app would somehow make a function call to some magic API that does all the work and returns true or false. BTW: I do NOT know any phone numbers of the users. I would like AZURE to do all the magic.

Thanks

DAvie

Azure App Services
A feature of Azure App Service used to create and deploy scalable, mission-critical web apps.
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

2 answers

  1. Thierry Eppner 1 Reputation point
    2020-11-25T14:30:51.377+00:00

    Hello,

    This documentation will help you do what you want:
    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application

    Regards,
    Thierry

  2. Reed, Davie 1 Reputation point
    2020-12-03T22:47:16.213+00:00

    Thanks Thierry;

    I was expecting a bunch of APIs that I would have to program to get the MFA to work.

    This is entirely different. It looks like it's a "generic" authenticator for "ANY" web site we may have. AND NO ADDITIONAL WEB PROGRAMMING.

    I.e.: It's a traffic cop that STOPS traffic to our web site and instead will prompt the user for their domain network login creds and then the cop will tell AZURE to authenticate (maybe with a phone call). Once verified, the cop will let the traffic flow and the user can then access our web site.

    Is that correct?

    Thanks

    DAvie