Forum Discussion

luvsql's avatar
luvsql
Iron Contributor
Mar 09, 2021

MFA without a Cellphone

This is becoming a bigger issue more and more.  We cannot, as a company, require our Employees to use a personal cellphone to get text codes or install work apps to authenticate our work accounts.  ...
azure
Danny69's avatar
Danny69
Brass Contributor
Oct 24, 2022
I have found a workaround. If you register one of the primary methods (sms/call/app) then add a FIDO key, you can remove the primary method, leaving the FIDO key as the only method. Not ideal but it works...
David_2468's avatar
David_2468
Copper Contributor
Nov 11, 2022

In our workplace we are unable to phones on the shopfloor for security reasons. We have implemented 

OATH tokens

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-oath-tokens

 

We bought  

Feitian OTP C200 Readers

https://www.amazon.co.uk/Feitian-OTP-C200-Reader-H41/dp/B01MSRAVXQ/ref=sr_1_1?crid=1KFIAO7D0828C&keywords=OTP+C200&qid=1668163095&sprefix=otp+c200%2Caps%2C1292&sr=8-1

 

Here is a video of the process we followed for importing the token details (which were supplied by the vendor in a csv file. we just needed to add the UPN details for the appropriate user \ reader ) 

https://www.youtube.com/watch?v=dPMUFd5HqQQ

 

You then simply turn on MFA for the user like you would normally as an administrator 

 

When the user logs in, it will ask for the number off the token.

 

Solution works well and is surprisingly simple once you know how.  

 

 

 

 

Resources