Password reset does not stop access if valid MFA token

asked 2020-06-09T16:35:27.99+00:00
Robert Cook 1 Reputation point

Using MFA Server with ADFS Adapter

If an MFA-enabled user changes their password, email is still accessible on the phone without having to change the password, I assume until the token expires.

I have read that with Azure AD the refresh token would require the device to re-authenticate, but I can't see an option to achieve this using MFA Server & ADFS.

Is this possible?

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.

1 answer

  1. answered 2020-06-09T17:24:57.983+00:00
    T. Kujala 8,416 Reputation points

    Yes, it is possible.

    Here you will find more information on how to configure token lifetimes.

    https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes