kaselva
Mar 11, 2025 · Copper Contributor
Automating MFA Token Invalidation Upon User Account Disablement
We are looking for a way to automatically invalidate a user's MFA token as soon as their account is disabled. Currently, the leaver process flows from our IAM solution to on-prem AD, which then syncs...
LainRobertson
Mar 12, 2025 · Silver Contributor
Hi kaselva,
There's no automatic, out-of-the-box option for this.
It sounds like you're running an identity management platform, in which case the most appropriate solution is for the IDM to incorporate the Azure-side steps that Vasil has referenced as part of its de-provisioning or state-change behaviour (i.e. disabling can take place independent of being de-provisioned).
The fact that it currently points to on-premise Active Directory doesn't (or shouldn't) preclude it from also being able to take actions in Azure.
Otherwise, you're back to external automation, which potentially still comes with its fair share of challenges.
Cheers,
Lain