Request for registration of OATH token and connection to user:
We would like you to allow end users to register an OATH token by themselves as well as other multi-factor authentication notifications (i.e. telephone and SMS).
If our request above is not permitted, please consider the following to reduce the time and effort of the administrator:
- Registering OATH token information prior to registration of associated user information
- Connecting the user and OATH token by GUI operation from Azure portal instead of importing CSV
- No entering authentication code when activating OATH token
Daniel Gull commented
Is there some preview planned soon? Microsoft recommends everywhere to set up MFA for all users but we cannot do the deployment without the OAUTH self-registrations/activation function.
David S. commented
Any update, MS? Anyone that is planning to use OATH tokens with a large bulk deployment cannot activate each token one at a time, since it would consume a huge amount of time for the global admins. Why can't global admins upload all the required info as with the CSV and let the user activate the assigned token like another MFA method? Maybe it's not an issue after you're done deploying your tokens to make changes to one or two tokens, but if you're deploying 2000+ tokens I could not think about the amount of time it would take to activate each token one at a time.
Joe Stocker commented
One company has figured out a way around this - Token2.ch
The idea/request was shared almost half a year ago and there is still no registration/activation option from the user perspective.
What I would like to see (like others also mentioned):
As global admin I'm able to bulk add and activate tokens, but...
1. Adding tokens and ACTIVATING OATH tokens should also be possible with fewer privileges (the only way now is to do this as global admin)
(please don't mention privileged admin roles in Azure - not working)
2. Users should be able to activate the tokens (tokens and secrets already uploaded by admins) themselves.
As long as these main points are not in place, it will take too much time and effort to implement this solution.
Grant Hope commented
This is a must
As an admin also, it is very time consuming to have to manually activate each OATH token. I have an organization of 15k+ users, and there's not enough resource to individually insert each key to activate on top of preventing keys getting mixed with each other.
Cody Hussey commented
As an admin, I should be able to bulk upload OATH hardware tokens, and not have to then manually activate each one. This is just as time consuming and defeats the purpose of bulk upload.
I agree with that request.
It's a nice idea if end users set tokens by themselves!
Azure MFA has few of the features to manage OATH hardware tokens compared to MFA Server.
In many organizations, it is impossible to register UPN, SERIAL NUMBER, SECRET KEY simultaneously.
Users can set up the token by themselves using SERIAL NUMBER, if Azure MFA has the following features:
* a feature to register OATH hardware tokens.
* a feature to assign tokens to accounts.