MFA with web app. We use AZURE Active Domain

Reed, Davie 1 Reputation point
2020-11-25T08:30:02.547+00:00

We use IIS on Windows Server 2016. My web app works nicely.

We also use the MFA/2FA feature of the AZURE Active Domain system. Essentially, when a remote user tries to get into our servers via Remote Desktop, it will CALL the user's phone and they have to press "#" to continue. AZURE is making the call. Somehow it's integrated with our on-prem domain controller and our RADIUS server.

I would LIKE to have my web app use the MFA capabilities of AZURE to call the user and validate them, just like the Remote Desktop connection does. So the server-side code of my web app would somehow make a function call to some magic API that does all the work and returns true or false. BTW: I do NOT know any phone numbers of the users. I would like AZURE to do all the magic.

Thanks

Davie


2 answers

  1. Thierry Eppner 1 Reputation point
    2020-11-25T14:30:51.377+00:00

    Hello,

    This documentation will help you do what you want:
    https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application

    Regards,
    Thierry

  2. Reed, Davie 1 Reputation point
    2020-12-03T22:47:16.213+00:00

    Thanks Thierry;

    I was expecting a bunch of APIs that I would have to program to get the MFA to work.

    This is entirely different. It looks like it's a "generic" authenticator for "ANY" web site we may have. AND NO ADDITIONAL WEB PROGRAMMING.

    I.e.: It's a traffic cop that STOPS traffic to our web site and instead will prompt the user for their domain network login creds and then the cop will tell AZURE to authenticate (maybe with a phone call). Once verified, the cop will let the traffic flow and the user can then access our web site.

    Is that correct?

    Thanks

    Davie