Azure AD - Manage Oath token

Emanuele Signorin 46 Reputation points

In Azure AD in the Multi-Factor Authentication blade, I would like to delegate the rights to upload new OATH Tokens and activate them.
Which is the right role to assign to a technicians in order to do these tasks?

Thank you in advance.

Best regards,


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,410 questions
0 comments No comments
{count} votes

Accepted answer
  1. Shweta Mathur 27,216 Reputation points Microsoft Employee

    Hi @Emanuele Signorin ,

    Thanks for reaching out.
    As per my understanding, you are trying to delegate the rights to upload new OATH hardware tokens.

    To enable Multi-Factor Authentication blade, user should have at least below privileges:

    1. User have at least an Azure AD Premium P1 or trial license enabled for working Azure Active Directory.
    2. An account with Authentication Policy Administrator to enable software token authentication or global administrator privileges for hardware token authentication.

    Currently OATH hardware token is in preview that allows the Global Admin to perform bulk upload of tokens by uploading the CSV file which contains the UPN, Serial number, secret key, etc. A Global Admin can activate a maximum of 200 OATH tokens every five minutes.

    Reference : OATH-hardware-tokens-preview

    Hope this helps.



    Please remember to "Accept Answer" if answer helped you.

0 additional answers

Sort by: Most helpful