Forum Discussion
JamesRV
Jul 15, 2021 · Brass Contributor
MS Authenticator Programming
Anyone know how to use the MS Authenticator code in a programmatic way to authenticate users? Here is the scenario:
- User calls helpdesk on resetting password (we do have SSPR, but there are some who still call)
- Agent asks the user to read the code from their authenticator app
- Agent types it on a custom screen or any available screen from AAD
- Once validated we provide temporary passcode
pvanberlo · Steel Contributor
TOTP works based on shared secrets, so unless you have these shared secrets, you will not be able to validate the user at all. They cannot be programmatically retrieved either.
If there is no other way to "authenticate" a user based on personal or company information, you might consider setting up a system where the user selects a short "code word or phrase" which is stored securely. Only if the user can provide this specific code word or phrase will you be able to determine whether the user is who the user claims to be. As a second option, perhaps this can be completed based on a second MFA code using SMS and a registered phone number.

JamesRV · Brass Contributor
These are our AAD users, so we do know them. I am trying to stay away from knowledge-based verification and use the security code displayed in the Authenticator app as the additional factor before we can reset the user's password.
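To make concrete why pvanberlo's point settles the question, here is an added example (not code from the thread, and not Microsoft's implementation) of what a verifier has to do to check an authenticator code under RFC 6238 TOTP. It assumes the RFC defaults (HMAC-SHA1, 30-second step, 6 digits) and a constructed base32 seed taken from the RFC 6238 test vectors; the actual parameters and seed storage used by Microsoft Authenticator are not stated on the page. Every step needs the shared seed, which is exactly what a helpdesk tool cannot obtain from AAD.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed example seed: the ASCII secret "12345678901234567890" from
# RFC 6238 Appendix B, base32-encoded as an authenticator app would store it.
# A real seed is known only to the IdP and the user's device.
EXAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then reduce mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step).
    This is what the app on the phone computes; without the seed there is
    nothing to compute on the verifier side."""
    secret = base64.b32decode(secret_b32.upper(), casefold=True)
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: Optional[int] = None,
                window: int = 1, step: int = 30, digits: int = 6,
                last_counter: Optional[int] = None) -> Optional[int]:
    """Verifier side. Returns the matched time-step counter, or None on failure.

    - Accepts codes for the current step and +/- `window` steps (clock skew).
    - Uses hmac.compare_digest so a wrong guess does not leak timing.
    - Rejects any counter <= last_counter so an overheard code cannot be
      replayed within the same window; the caller persists the returned value.
    """
    if unix_time is None:
        unix_time = int(time.time())
    if len(submitted) != digits or not submitted.isdigit():
        return None
    secret = base64.b32decode(secret_b32.upper(), casefold=True)
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Codes the "phone" would display at the RFC 6238 test times (6-digit form).
    for t in (59, 1111111109, 1234567890, 2000000000):
        print(t, totp(EXAMPLE_SECRET_B32, t))
    # A helpdesk check at t=59 against what the user read out.
    print("match:", verify_totp(EXAMPLE_SECRET_B32, "287082", unix_time=59))
```

The replay guard matters for the helpdesk scenario in particular: an agent reading a code over the phone is one more place it can be overheard, so the accepted counter should be recorded and never accepted again.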