Forum Discussion

NishaBlue1325's avatar
NishaBlue1325
Copper Contributor
Nov 07, 2023

PowerShell - how to pass sign-in credentials?

We have been trying to automate MFA in the background, without a user to sign in using the following command:

 

Import-Module -Name Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "User.Read.all","UserAuthenticationMethod.Read.All","UserAuthenticationMethod.ReadWrite.All"
New-MgUserAuthenticationPhoneMethod -UserId ${activityInput.UserId} -phoneType "mobile" -phoneNumber ${activityInput.phoneNumber}

 

But, we get the following error message: 

"Terminated the probe because the max timeout was exceeded: 11 seconds.\nPowershellProcessRunner terminated due to interrupt java.lang.InterruptedException\n"

 

I think Connect-MgGraph requires sign-in credentials, but we are not sure as to how to pass it. Can someone help us with this? Any help is appreciated.

 

Thank you!

 

    • NishaBlue1325's avatar
      NishaBlue1325
      Copper Contributor

      VasilMichev Thanks for including the article link. I tried using the client secret:

      But it prompts for the client secret. So, the only way to do this without any interaction is using client credential with a certificate?

       

       

      • LainRobertson's avatar
        LainRobertson
        Silver Contributor

        NishaBlue1325 

         

        Hi, Nisha.

         

        The example you've copied and pasted won't work as-is. The example itself even mentions you will be prompted.

         

        That said, when done properly, using a client secret will not prompt, meaning you do not have to use certificate-based authentication (though I'd recommend doing so if you can).

        Example

        $AppId = <appId of your servicePrincipal>;
        $Secret = ConvertTo-SecureString -String "<secret from your servicePrincipal>" -AsPlainText -Force;
        $Credential = [System.Management.Automation.PSCredential]::new($AppId, $Secret);
        
        Connect-MgGraph -TenantId <yourOrganisation.onmicrosoft.com> -ClientSecretCredential $Credential;

         

        Note: You should never leave a password or secret in your script. This example is purely for demonstration purposes only.

         

        Cheers,

        Lain

Resources