AdminPaulFAYTOUT-1678 asked fhtino commented

How can I enroll my Software Oath Token provider (KeePass) into the Active Directory MFA setting

Hello Experts,

I found the documentation to enroll Hardware Oath Token but not for Software provider like KeePass which generates TOTP.

Is it really possible?
If it's true, how can I find the manual?

azure-ad-multi-factor-authentication

JamesTran-MSFT answered JamesTran-MSFT commented

@AdminPaulFAYTOUT-1678
Thank you for your post and I apologize for the delayed response!

For uploading OAuth Tokens you should be able to do this within the Azure Portal -> Security -> MFA -> OATH tokens.


Once tokens are acquired they must be uploaded in a comma-separated values (CSV) file format including the UPN, serial number, secret key, time interval, manufacturer, and model, for example:

 upn,serial number,secret key,time interval,manufacturer,model
 Helga@contoso.com,1234567,2234567abcdef1234567abcdef,60,Contoso,HardwareKey

For more info - Authentication methods in Azure Active Directory - OATH tokens


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



Hi,

Thanks for your answer but it concerns a Hardware Key not a Software Key.

Have you a real procedure with more information than the following screen capture for a Software Key enrollment with a desktop software like WinAuth or Keepass?


0 Votes 0 ·

@AdminPaulFAYTOUT-1678
Thank you for the quick response and clarification!

I've reached out to our engineering team to see if we have any process or documentation that will help with Software Key enrollment with products such as WinAuth or Keepass, and I'll update as soon as possible.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

0 Votes 0 ·
JamesTran-MSFT answered fhtino commented

@AdminPaulFAYTOUT-1678
Thank you for your time and patience, I received a response from our engineering team and will post it below.


Software OATH tokens are applications like the Microsoft Authenticator app and other authenticator apps.
- Microsoft Authenticator App is what we provide from Microsoft and we have the steps of integration for the same. But Software Oath Tokens also support third-party applications that use OATH TOTP to generate codes.


KeePass is a third party password manager, that isn't an authenticator app.
- It is similar to Keeper. Ref - Keeper Integration with AAD


Since it's a third party we do not have any integration documentation, officially, yet. Ideally, the third party provider should be providing the information.
KeePass Discussion Forums


I hope this helps! If you have any other questions, please let me know.
Thank you!


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


@AdminPaulFAYTOUT-1678
I just wanted to check in and see if you had any other questions or if you had a chance to review the update from our engineering team?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.



0 Votes 0 ·

@JamesTran-MSFT Perhaps it's not exactly what is needed by @AdminPaulFAYTOUT-1678 but you can use KeePass to store TOTP keys and generate codes.

https://www.fhtino.it/blog/using-keepass-as-mfa-sign-in-method-with-microsoft-work-accounts

0 Votes 0 ·
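
Added example, not part of the original thread and not Microsoft or KeePass code: a pre-upload check for a CSV in the layout quoted in the first answer, which also computes the OATH TOTP code (RFC 6238) that any software token holding the same secret should display. It assumes Base32-encoded secrets, a 30 or 60 second interval, HMAC-SHA1 and 6-digit codes; the function names and the sample rows are constructed for illustration.

```python
import base64, csv, hashlib, hmac, io, struct

# Constructed sample in the CSV layout quoted in the answer above. The first
# secret is the Base32 form of the RFC 4226 test key "12345678901234567890".
SAMPLE_CSV = """upn,serial number,secret key,time interval,manufacturer,model
helga@contoso.com,1234567,GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ,60,Contoso,SoftToken
bob@contoso.com,1234568,not-base32!,30,Contoso,SoftToken
"""

def decode_secret(secret_b32):
    """Decode a Base32 secret, tolerating lower case and missing padding."""
    s = secret_b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)  # raises binascii.Error (a ValueError) if invalid

def totp(key, unix_time, interval=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the number of elapsed intervals."""
    counter = struct.pack(">Q", int(unix_time) // interval)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def check_rows(csv_text, unix_time):
    """Return (upn, code_or_None, problem_or_None) for each data row."""
    results = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        upn = row["upn"]
        try:
            interval = int(row["time interval"])
            if interval not in (30, 60):  # assumption: only these two are accepted
                raise ValueError("time interval must be 30 or 60")
            key = decode_secret(row["secret key"])
            results.append((upn, totp(key, unix_time, interval), None))
        except ValueError as exc:
            results.append((upn, None, str(exc)))
    return results

if __name__ == "__main__":
    import time
    for upn, code, problem in check_rows(SAMPLE_CSV, time.time()):
        print(upn, code if code else "REJECTED: " + problem)
```

If the code printed for a row matches what the authenticator shows at the same moment, the secret and interval in the file agree with the token. The CSV holds the shared secrets in clear text, so it should be handled and deleted like any other credential material.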