Forum Discussion

Bryan Callicott's avatar
Bryan Callicott
Copper Contributor
Sep 21, 2017

Google Authenticator app & Office 365 MFA

Is it possible to use the Google Authenticator iOS app with Office 365 MFA instead of the Microsoft Authenticator app?

 

I tried adding to Google Authenticator with both QR code and manually but got failures each time.

  • Simeon Lewis's avatar
    Simeon Lewis
    Copper Contributor

    So, it appears that you can use Google Authenticator or Authy with Office 365 but only if you choose to "Use verification code from app" instead of the much more convenient "Receive notifications for verification" which pushes a notification to the authenticator app on your device.  Shame Authy/Google Authenticator can't handle the push notification from Office 365 because most people only want one authenticator app on their phone. I wonder whose at fault here?

    • Nam-Tran's avatar
      Nam-Tran
      Copper Contributor
      It works like a charm! However, this option is rather discreet for normal users to detect, lol.
      • Chuck2021's avatar
        Chuck2021
        Copper Contributor
        My Experience where I worked they have conditional access enabled and it no longer allows the use of Google Authenticator it is MS Authenticator only no other options are presented that enable the use of Google Authenticator. To say the least I am disappointed.
  • rodney_kahane's avatar
    rodney_kahane
    Copper Contributor

    Was able to get Google Authenticator to work, make sure you are selecting the (small) blue hyperlink in the lower right corner next to the QR code.  After you click the link, there is a slight change in the text in step 1 that states "Install the Microsoft Authenticator or any other app for Windows Phone, Android, or iOS."  I was then able to scan the QR code in Google Authenticator and complete the registration.

    • Przemyslaw W's avatar
      Przemyslaw W
      Brass Contributor

      No true, you are not forced to install MS Authenticator, You can without problem use Google Authenticator, but you need to display the "Secret" key:

      In screen with QRCode to scan there is a small blue link "Setup application without notifications" (sorry don't exactly know if this is proper translation for it) , click it and you'll get the secret, then just type it into G Authenticator and you're set :) (You don't have to type the full account name, this is for you to identify it only).

      --- edit after 15min ---

      Ps. I just set-up on my new phone GAuthenticator for 3 company O365 accounts :)

      • stsm_glen's avatar
        stsm_glen
        Brass Contributor

        Przemyslaw W wrote:

        No true, you are not forced to install MS Authenticator, You can without problem use Google Authenticator, but you need to display the "Secret" key:

        In screen with QRCode to scan there is a small blue link "Setup application without notifications" (sorry don't exactly know if this is proper translation for it) , click it and you'll get the secret, then just type it into G Authenticator and you're set :) (You don't have to type the full account name, this is for you to identify it only).

        Thank you, that was the key for me. For anyone else wondering, this is the process for setting up 2/MFA with any OTP app (I use andOTP):

         

        1. Open the security verification page for your user: https://aka.ms/MFASetup
        2. Check the Authenticator app box, and click the Configure button.
        3. Click the Configure app without notifications URL
        4. Now scan the QR code with your app and configure like normal.

        It seems like Microsoft really go out of their way to obscure the fact that you don't actually need Microsoft Authenticator to use this factor for authentication.

    • Pontus Gagge's avatar
      Pontus Gagge
      Copper Contributor

      Yet both should just implement RFC6238 and RFC4226. Does either Microsoft or Google's app add anything proprietary to the TOTP and HMAC standards? 

  • Markk385's avatar
    Markk385
    Copper Contributor

    Tried to do this today, it's still hard to find. Because Microsoft...

    • Go here: https://mysignins.microsoft.com/security-info
    • Click '+Add sign-in method'
    • Choose the  'Authenticator app' option.
    • On the screen where it tells you to install the MS Authenticator App there is a link 'I want to use a different authenticator app', click that.
    • Now it says 'In your app, add a new account.', click the 'Next' button.
    • Scan the QR code in Google Authenticator. Or some other app that was made by some other company that does understand how to build software that does not endlessly frustrate it's users.

    I specifically made an account here to post this info, hope it helps others work around this mess.

    • TADProfile's avatar
      TADProfile
      Copper Contributor

      Markk385 

      No such link to use a different 2FA App exists here. Is this disabled by default and needs to be enabled for the user who doesn't want to use the Microsoft Authenticator app?

      • crumblyleaves's avatar
        crumblyleaves
        Copper Contributor

        TADProfile You need to have an Authentication Strength policy that allows you to use other apps, e.g. "Password + Software OATH token," then you can add that policy to your Conditional Access policy under the "Grant" section > "Require authentication strength" dropdown.

  • frankfalvey's avatar
    frankfalvey
    Iron Contributor
    Yes, you can use the Google Authenticator iOS app with Office 365 MFA, but with a slight caveat. While Microsoft prefers users to leverage their own Microsoft Authenticator app, they still offer compatibility with third-party authenticator apps like Google Authenticator.

    Here's how to set it up:

    Enable MFA in Office 365: Sign in to your Office 365 account and navigate to the security settings. Look for options related to Multi-Factor Authentication (MFA) and enable it.

    Choose "Authenticator App": During the setup process, you'll likely see options for various verification methods. Select "Authenticator app" and choose "I want to use a different authenticator app" (this link might be small and easy to miss).

    Add Account in Google Authenticator: Open the Google Authenticator app on your iOS device. Tap the "+" icon to add a new account. You can either scan the QR code displayed on your Office 365 setup page or enter a provided key manually (depending on the options offered).

    Enter Code During Login: Once configured, whenever you log in to Office 365 and MFA is triggered, you'll need to provide the time-based one-time code generated by the Google Authenticator app.

    Things to Keep in Mind:

    Microsoft Support: While it works, Microsoft officially recommends using their own Microsoft Authenticator app. Troubleshooting or support might be limited for issues arising with Google Authenticator.
    Security Considerations: Ensure your Google Authenticator app is secured with a strong PIN or biometric verification for added protection.
    Overall, using Google Authenticator for Office 365 MFA is an option, but the Microsoft Authenticator app might offer a more streamlined and potentially better supported experience.








Resources