Azure AD - Manage Oath token

Emanuele Signorin 46 Reputation points

In Azure AD in the Multi-Factor Authentication blade, I would like to delegate the rights to upload new OATH Tokens and activate them.
Which is the right role to assign to a technicians in order to do these tasks?

Thank you in advance.

Best regards,


Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,578 questions
No comments
{count} votes

Accepted answer
  1. Shweta Mathur 13,081 Reputation points Microsoft Employee

    Hi @Emanuele Signorin ,

    Thanks for reaching out.
    As per my understanding, you are trying to delegate the rights to upload new OATH hardware tokens.

    To enable Multi-Factor Authentication blade, user should have at least below privileges:

    1. User have at least an Azure AD Premium P1 or trial license enabled for working Azure Active Directory.
    2. An account with Authentication Policy Administrator to enable software token authentication or global administrator privileges for hardware token authentication.

    Currently OATH hardware token is in preview that allows the Global Admin to perform bulk upload of tokens by uploading the CSV file which contains the UPN, Serial number, secret key, etc. A Global Admin can activate a maximum of 200 OATH tokens every five minutes.

    Reference : OATH-hardware-tokens-preview

    Hope this helps.



    Please remember to "Accept Answer" if answer helped you.

0 additional answers

Sort by: Most helpful