Forum Discussion
TAP Question
Hi All
I hope you are well.
Anyway, I'm looking for some clarification over Temporary Access Passes (TAP) as our testing seems to reveal some different results from those listed in the MS documentation.
Here's the scenario's.
My understanding:
- Require MFA policy deployed via Conditional Access
- New user F3 user starts
- Issue TAP to user where they can then setup MFA themselves via My Security Info etc
Testing results:
- Require MFA policy deployed via Conditional Access
- New user F3 user starts
- User can setup MFA themselves via MS Auth app on a mobile device or via My Security Info in a browser
MS TAP Info page:
"The most common use for a TAP is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts."
Have I missed understood something here and if a new user can indeed still setup MFA is there any real need for a TAP for first time user?
Info appreciated.
SK
1 Reply
It seems like there is a state for new users and for users where you click "Require re-register of MFA" that they can register that method without needing a form of MFA to start.
I dont know if it is a major conflict with the documentation. I see TAP as a good way to control the user experience on first sign in and MFA registration. No need for them to have the password. The TAP goes away on its own.
