question

MikeBradley-6201 avatar image
0 Votes"
MikeBradley-6201 asked bugs-6188 edited

How do I get "Software OATH token" authentication method added to my AAD account (see screenshot)

Dear all,

In AAD, I'm looking for a way to get the "Software OATH token (Preview)" authentication method, added to my account.

My colleague has managed it (as the following screenshot shows), but no-one seems to know how he's done it. Could someone please explain what I need to do to enable this?

198483-how-do-enable-this.png

I want to use "OAuth2.0 authentication" to connect to Dynamics.

Appreciate your kind assistance.



azure-active-directoryazure-ad-authenticationazure-ad-authentication-protocols
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndyDavid Thanks for replying.

No, I don't see his account there. I don't see any accounts there.

0 Votes 0 ·
SnowChuck-5462 avatar image
0 Votes"
SnowChuck-5462 answered MikeBradley-6201 commented

I have just come across this in my tenant while testing Azure MFA and SSPR (Self-Service Password Reset) with the Combined Registration Mode enabled and "Require Registration" enabled. When the users sign-in they prompted with "More information required" and then ran through the process to setup two MFA options for SSPR. The first step presented to the user is to setup the Microsoft Authenticator. In the step there is the option "I want to use a different authenticator app". The user chose that option and used the Google Authenticator app. When I reviewed the Authentication Methods for that user account I saw "Software OATH token (Preview)" as one of the Authentication methods.

I am working with MSFT on Azure MFA/SSPR to find out if this is actually supported since it is labeled "Preview" and preview features are typically not supported in a production environment.

So, setup Google Authenticator as your Authentication app for Azure MFA and you will be able to recreate "Software OATH token (Preview)" as an Authentication Method.

199216-image.png



image.png (40.9 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Oh that's an excellent answer, @SnowChuck-5462!

I think you've cracked it!

Accepted answer!

0 Votes 0 ·
AndyDavid avatar image
0 Votes"
AndyDavid answered AndyDavid commented
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks, @AndyDavid, but I'm not sure what you mean when you say "It would need to be added". What would?

Also, as an organisation, we have none (no OATH tokens) installed, yet my colleague still has "Software OATH token (Preview)" as a useable authentication method. How is it that he's managed to do that?




0 Votes 0 ·

As far as I know, the uploading from csv following
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens is the only way to add these.
If you arent seeing them, it makes me think someone added it then deleted the account later from that menu. The audit logs may show something if this happened in the last 30 days.

0 Votes 0 ·

@AndyDavid Thanks for replying. I appreciate your efforts.

I can be 100% sure that at no point has anyone added any OATH tokens.

But I'll see if anyone else has any ideas.

0 Votes 0 ·
MikeBradley-6201 avatar image
1 Vote"
MikeBradley-6201 answered JamesTran-MSFT commented

How I worked round this.

The reason I needed this (Software OATH token) was because, whenever I connected to Dynamics thru C#, I received an error "You are using Ws-Trust authentication which has been deprecated and no longer supported in your environment. Please use OAuth2.0 authentication".

So in the end I created an AAD "App Registration", then created a Dynamics "Application User" based in the App Registration. I then connected using that.

Appreciate you looking at this, @AndyDavid.

Regards to all.




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MikeBradley-6201
I'm glad that you were able to resolve your issue and thank you for posting your solution here so that others experiencing the same thing can easily find this!


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

0 Votes 0 ·
bugs-6188 avatar image
0 Votes"
bugs-6188 answered bugs-6188 edited

Don't do it.......
it kicks off some serious bugs where users CANNOT use the apps correctly.

this was after May 10th update....

previously logging into ANY microsoft 365 program brought up a white page with "microsoft" at the top....
Well they changed the login and now some apps log in with a GREY small screen. (maybe because all the phising sites show THIS old page in their emails... & MS rushed out a half assed fix.)

net effect there is NO 2FA code behind those screens, so the effect is the apps will no longer auth the users , shutting down all the users email apps.
Because.. they only ask for the user name & the pw NOT the 2FA.....

I currently have a situation of mushrooming users being cut off.... as the licenses require refresh & login to reauth. the 365 licenses on the machines.

it is yet another example of MS rolling out feature accessible to users, then totally screwing the pooch....... on implementation.

Thanks MS....... nearly 4 days and STILL no solution.....


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.