OATH token csv upload

Russ Hopper 21 Reputation points

We've recently started to enforce MFA on users' 365 accounts, and as a part of this we have purchased some OTP token fobs (I don't know the official name). I have been trying to upload a CSV in AAD to link each fob to a user account, but am receiving an error about the encoding of the CSV:

{"errorCode":"BadRequest","localizedErrorDetails":{"hardwareTokenUploadValidationFailure":"Invalid base32 encoding due to illegal character 8 for:


Accepted answer
  1. Givary-MSFT 27,491 Reputation points Microsoft Employee

    @Russ Hopper

    Thank you for reaching out to us. As I understand it, you are facing this error {"errorCode":"BadRequest","localizedErrorDetails":{"hardwareTokenUploadValidationFailure":"Invalid base32 encoding due to illegal character 8 for: <UPN>, serial number: <serial number>"}... while updating OATH hardware tokens.

    However, as per the documentation, the secret key can only contain the characters a-z or A-Z and digits 2-7, and must be encoded in Base32.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens#:~:text=vendor%27s%20setup%20process.-,OATH%20hardware%20tokens%20(Preview),-Azure%20AD%20supports

    Let me know if you have any further questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

2 additional answers

  1. Tim Goerke 5 Reputation points


    It doesn't mean that the serial number is wrong.

    What Givary-MSFT said is absolutely correct.

    You have to convert your secret key to a valid base32 string.

    You can find a lot of websites where you can do it.

    After that, I was able to upload my csv file :)



    1 person found this answer helpful.

  2. Chance Sharp (Admin) 1 Reputation point

    Make sure you don't have spaces between the commas. I was having the same issue and the first answer didn't help at all since it's clearly the serial number and not the secret key. I then noticed I had spaces after the commas and removed them and then it worked.

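A local pre-upload check covering both points raised in this thread (the Base32 alphabet quoted in the accepted answer and the stray spaces after commas), written in Python as an added example that is not part of the original thread or of Microsoft's tooling. The column order is assumed from the Microsoft documentation linked above, and the UPNs, serial numbers, vendor names and seeds are constructed sample values; `hex_to_base32` converts a hex seed on your own machine, so token secrets need not be pasted into a website.

```python
import base64
import csv
import io
import string

# Alphabet quoted in the accepted answer: a-z, A-Z and digits 2-7.
ALLOWED = set(string.ascii_letters + "234567")
# Column order assumed from the Microsoft documentation for the upload CSV.
COLUMNS = ["upn", "serial number", "secret key", "time interval", "manufacturer", "model"]


def hex_to_base32(hex_seed):
    """Convert a vendor seed supplied as hex into Base32 without leaving the machine."""
    raw = bytes.fromhex(hex_seed)
    # '=' padding is outside the quoted alphabet, so it is dropped (assumption).
    return base64.b32encode(raw).decode("ascii").rstrip("=")


def check_csv(text):
    """Return one message per problem found; an empty list means the file passed."""
    problems = []
    rows = csv.reader(io.StringIO(text))
    next(rows, None)  # skip the header row
    for line_no, row in enumerate(rows, start=2):
        if len(row) != len(COLUMNS):
            problems.append(f"line {line_no}: expected {len(COLUMNS)} fields, got {len(row)}")
            continue
        for name, value in zip(COLUMNS, row):
            if value != value.strip():
                problems.append(f"line {line_no}: whitespace around '{name}'")
        secret = row[2].strip()
        bad = sorted(set(secret) - ALLOWED)
        if not secret:
            problems.append(f"line {line_no}: secret key is empty")
        elif bad:
            problems.append(f"line {line_no}: illegal characters in secret key: {''.join(bad)}")
    return problems


# Constructed sample: line 2 is clean, line 3 has a space after a comma,
# line 4 still carries a hex seed (hex digits 0, 1, 8 and 9 are not Base32).
HEX_SEED = "3132333435363738393031323334353637383930"
HEADER = ",".join(COLUMNS) + "\n"
SAMPLE = (
    HEADER
    + "user1@example.com,1000001,JBSWY3DPEHPK3PXP,30,ExampleVendor,ExampleModel\n"
    + "user2@example.com, 1000002,JBSWY3DPEHPK3PXP,30,ExampleVendor,ExampleModel\n"
    + f"user3@example.com,1000003,{HEX_SEED},30,ExampleVendor,ExampleModel\n"
)
```

Run `check_csv` on the file contents before uploading; a row that fails only the alphabet check is usually a seed still in the vendor's original encoding.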