Jul 06 2017
09:14 AM
- last edited on
Jan 14 2022
04:48 PM
by
TechCommunityAP
Jul 06 2017
09:14 AM
- last edited on
Jan 14 2022
04:48 PM
by
TechCommunityAP
If you enfore MFA on a B2B user via AAD conditional access and the user cant use the already confiured MFA app / MFA options.
They have to register for MFA again and even end up with two entries in the Authenticator App if used.
Are you looking to improve this?
Jul 06 2017 09:21 AM
SolutionHI Alexander - thanks for the question!
Currently, MFA is managed at the resource tenant - that is the tenant that has invited the B2B user. This allows the organization to work with users with social IDs and with partners that don't have MFA capabilties and partners whose MFA policies that the resource tenant may not trust.
This does mean that if the user has an MFA profile with the partner org already - they will still have to re-register with the resource tenant/inviting organization.
We are looking into enabling the resource tenant to trust certain partner organizations' MFA so that the users from these partner companies do not have to re-register and can use their existing MFA profile.
Hope that helps.
Sarat
Jul 12 2018 09:49 AM
Hey Sarat,
It has been 12 months since your post - my company wishes to leverage this ability to trust a partner company MFA.
Any progress on this item?
Cheers
Shane
Jul 13 2018 12:47 PM
Hi there,
Any update on this? Do we have an idea of when this will be available?
Jul 06 2017 09:21 AM
SolutionHI Alexander - thanks for the question!
Currently, MFA is managed at the resource tenant - that is the tenant that has invited the B2B user. This allows the organization to work with users with social IDs and with partners that don't have MFA capabilties and partners whose MFA policies that the resource tenant may not trust.
This does mean that if the user has an MFA profile with the partner org already - they will still have to re-register with the resource tenant/inviting organization.
We are looking into enabling the resource tenant to trust certain partner organizations' MFA so that the users from these partner companies do not have to re-register and can use their existing MFA profile.
Hope that helps.
Sarat