Forum Discussion
How to handle MFA for a shared account?
Hello,
We have a business need where some users need to share an Entra ID account for Dynamics 365. I am trying to figure out how to handle MFA for a shared account and what's the best practice in such cases. We could set up the MFA for this account on the admins' phones, but this will only create a headache for those admins (when they're out of office, travelling, etc.).
Any advice would be appreciated.
3 Replies
- calsend (Copper Contributor)
You are correct that designating one admin's phone for MFA would create a headache since the code would go to them each time regardless of whether they are in the office. Fortunately there are a few workarounds:
- Hardware-based authentication methods: FIDO2 keys, Radio Frequency Identifier Reader tags and External Smart Card readers can be installed near the device used to access the shared account, and users can tap to access.
- Physical landline: A physical landline in the office can be set up to ensure the PIN is delivered there via a voice call.
- Conditional Access Policies: You can establish a Conditional Access policy to more narrowly define the circumstances under which a second code would be required in order to minimize the friction arising from users attempting to access a shared account.
- Multi-User Authenticator apps: Multi-User Authenticator apps such as Salepager can be used to ensure any tokens and 2FA PINs are shared with multiple users who have been provisioned access to a shared account.
- MathieuVandenHautte (Iron Contributor)
Hi Galaxy876
Password managers such as Bitwarden are able to store account credentials (username, password and TOTP token) and make them available for multiple users.
- Galaxy876 (Copper Contributor)
MathieuVandenHautte You're right. We use 1Password and it does the same. Thank you for this suggestion.