How to get token if MFA is enabled( we need to automate this)

Pramuk, K.C. (SGRE COG DVL SW) 26 Reputation points
2021-05-10T16:24:17.567+00:00
  1. how do we get OAuth\JWT token when MFA is enabled , as per the policy in our company, our test account cannot be disabled for MFA
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,804 questions
0 comments No comments
{count} vote

Accepted answer
  1. AmanpreetSingh-MSFT 56,616 Reputation points
    2021-05-13T12:23:19.583+00:00

    Hi @Pramuk, K.C. (SGRE COG DVL SW) · Thank you for reaching out.

    When MFA is enabled for a user account, you are required to prove:

    1. Who you are (using username/password) - Can be automated
    2. What you own (Mobile/AuthenticatorApp/Haredware token) - Can NOT be automated as it requires manual input.

    If you are looking for automating the authentication without disabling MFA for the account, you can:

    • Exclude public IP address/Subnet that represents the computer(s) where you want to automate authentication for this accout.
    • Use Azure AD Joined/Hybrid Joined/Registered devices, where you need to perform MFA once and MFA information will get stored in PRT, user won't be prompted for MFA afterwards.

    If you are using this account for script automation:

    • Use application context by using client_credentials flow for authentication.
    • Or if you are running the script on Azure VM, consider using Managed Identity for authentication.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


1 additional answer

Sort by: Most helpful
  1. José Miguel Lopez Becerra 16 Reputation points
    2021-07-23T10:55:06.017+00:00

    MFA authentication can be:

    1. What user know, like a password
    2. What the user has..."a certificate". Could it work for you?
      The validation of a certificate can be automated.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.