Is a Digipass GO 6 compatible with MS MFA?
I'm trying to set up a bunch of Digipass GO 6s that my company has for some users.
https://www.onespan.com/sites/default/files/2019-08/Digipass-GO6_tcm42-47370.pdf
These are Duo-branded hardware tokens. Is it possible to set them up with MS MFA instead of Duo?
https://duo.com/docs/administration-devices#managing-otp-hardware-tokens
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-oath-tokens
The part I have yet to find is the base-32 secret.
2 Replies
Microsoft Entra ID supports OATH TOTP hardware tokens. That means any hardware token that follows the standard OATH time-based OTP specification can be used with Microsoft MFA.
However, there is an important distinction.
If your Digipass GO 6 tokens are standard OATH TOTP tokens and you have access to their secret seed values (in Base32 format), then they can be imported into Entra ID and used for MFA.
If they were provisioned and locked specifically for Duo (which is common for Duo-branded hardware tokens), then the secret seed is typically bound to Duo’s backend and cannot be exported. In that case, they cannot be reused with Microsoft MFA.
Microsoft does not “pair” with the hardware device directly. It requires the shared secret used to generate the OTP. Without that seed, the token cannot be registered.
So the key question is:
Do you have access to the OATH seed values for those tokens?
If yes, you can:
- Enable OATH hardware tokens in Entra ID
- Upload the token serial and secret via PowerShell
- Assign the token to users
If no, and the tokens are Duo-bound, then they will not work natively with Microsoft MFA.
There is no compatibility issue at the protocol level. The limitation is purely around seed ownership and provisioning control.
In many cases, the most practical solution is to issue new OATH-compatible tokens that are not vendor-locked.
- JackKaylor, Copper Contributor
Has anyone done this before with the DUO hardware token? I'm facing the exact same issue. I don't know how to get the "SecretKey" from each device.
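
A check that applies once a seed has been obtained from the token supplier, as an added example that is not part of the thread: it converts a hex-encoded seed to the Base32 form mentioned in the first reply and confirms, with RFC 6238 TOTP, that the seed reproduces the code shown on the token before it is uploaded. The hex delivery format, HMAC-SHA1, 6 digits and the 30/60-second steps are assumptions, and the sample seed is the published RFC 6238 test key, not a real token secret.

```python
import base64
import hashlib
import hmac
import struct
import time

def hex_seed_to_base32(hex_seed: str) -> str:
    """Convert a seed supplied as hex (assumed delivery format) to unpadded Base32."""
    raw = bytes.fromhex(hex_seed.replace(" ", "").replace("-", ""))
    return base64.b32encode(raw).decode("ascii").rstrip("=")

def decode_base32(secret: str) -> bytes:
    """Decode Base32, tolerating spaces, lower case and stripped padding."""
    s = secret.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))  # raises on bad characters

def totp(secret_b32: str, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 (assumed token algorithm)."""
    counter = max(0, int(at) // step)
    mac = hmac.new(decode_base32(secret_b32), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seed_matches_token(secret_b32, displayed, at=None, steps=(30, 60), drift=1):
    """Return the time step under which the seed reproduces the displayed code, or None.

    Tries each candidate step and +/- `drift` windows to absorb token clock skew.
    """
    at = time.time() if at is None else at
    for step in steps:
        for d in range(-drift, drift + 1):
            if hmac.compare_digest(totp(secret_b32, at + d * step, step), displayed.strip()):
                return step
    return None

if __name__ == "__main__":
    # Constructed sample: the published RFC 6238 test key, not a real token seed.
    b32 = hex_seed_to_base32("3132333435363738393031323334353637383930")
    print(b32, totp(b32, 59), seed_matches_token(b32, "287082", at=59))
```

A `None` result means the seed, the algorithm or the time step does not belong to that token, so the entry would fail activation after upload.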