This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 92%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMZ%3C/text%3E%3C/svg%3E)
Hi,I have MS Entra External ID preview tenant created. I have set up SSO. I registered app and add a platform for SPA. I have also created Conditional Access policy. The issue I am running into is MFA. When user SSO and gives email and password, it is asked for code sent to the email address. h=However, I want to use Authenticator App instead.
I haven't been able to change this behavior and would appreciate some advice.
Thank You.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Following up to see if the below answer was helpful. Please remember to "Accept Answer" if answer helped you. This will help us as well as others in the community who might be researching similar questions. if you have any further query do let us know.
Is there anything else I can help you with regarding this issue? If you still need further help, please feel free to let me know. If your question has been solved, then you can click "Accept Answer", which may help members with similar questions find the answer easily.
Thank you for posting this in Microsoft Q&A.
"I understand you are asking how to change the behavior of their Azure AD External ID preview tenant's SSO process. Specifically, you want to use the Authenticator App for MFA instead of receiving a code sent to their email address as a second factor of authentication.
This is the expected behavior. As of now, External tenants support two methods for authentication as a second factor: Email one-time passcode and SMS-based authentication.
Unfortunately, so far, you can't use the authenticator app for MFA instead of receiving a code sent to their email address as a second factor of authentication."
For more information: https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-multifactor-authentication-customers
Hope this helps. Do let us know if you any further queries.
Thanks,
Navya.
If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.