How to create a session (get an access token) for kiosk user with badge reader

%3CLINGO-SUB%20id%3D%22lingo-sub-1179852%22%20slang%3D%22en-US%22%3EHow%20to%20create%20a%20session%20(get%20an%20access%20token)%20for%20kiosk%20user%20with%20badge%20reader%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1179852%22%20slang%3D%22en-US%22%3E%3CP%3EUsers%20have%20RFID%20badges%20we%20can%20read%20with%20a%20badge%20reader%20to%20get%20a%20badge%20unqiue%20ID%20at%20a%20kiosk.%20We%20store%20the%20badge%20uniqueID%20as%20a%20custom%20schema%20extension%20attribute%20in%20AAD.%20We%20can%20use%20Graph%20API%20to%20look%20up%20the%20user%20in%20AAD.%20So%20now%20we%20know%20who%20the%20owner%20of%20the%20badge%20is.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20can%20we%20create%20a%20session%2Faccess%20token%20for%20the%20user%20without%20prompting%20for%20password%3F%20i.e.%20trust%20the%20badge%20-%20single%20factor%20instead%20of%20MFA.%20Yes%20we%20know%20it's%20not%20perfect%20security%20and%20someone%20else%20could%20have%20the%20users%20badge.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1179852%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Active%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMulti-Factor%20Authentication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

Users have RFID badges we can read with a badge reader to get a badge unqiue ID at a kiosk. We store the badge uniqueID as a custom schema extension attribute in AAD. We can use Graph API to look up the user in AAD. So now we know who the owner of the badge is.

 

How can we create a session/access token for the user without prompting for password? i.e. trust the badge - single factor instead of MFA. Yes we know it's not perfect security and someone else could have the users badge.

1 Reply