MFA server

Sergey Kluzner
New Contributor

Hello,
The activation of MFA server is performed using a key provided in the Azure portal.

1. Does MFA server require users defined for second factor to be synced to Azure AD? Or will it perform second factor for any user that is defined with it?

2. Would that same MFA server work if I deploy it in an environment where a non-Microsoft LDAP directory is used for the users? That LDAP directory is not synced to Azure.

3. Given AADConnect allows sync of multiple forests to a single tenant, say I would like to sync 3 domains to 3 directories within the same tenant. I assume I should be able to use the same "activation key" for MFA server across multiple domains; there would be 3 MFA servers deployed in each domain. Is that a correct assumption?
Thank you.
