Password reset does not stop access if valid MFA token

Question

question

RobertCook-1200 asked · Jun 09, 2020 at 04:35 PM

Password reset does not stop access if valid MFA token

Using MFA Server with ADFS Adapter

If a MFA enabled user changes their password, email is still accessible on phone without having to change password, assuming until token expires.

I have read with Azure AD the refresh token would require the device to re-authenticate, I cant see an option to achieve this using MFA Server & ADFS.

Is this possible?

adfs azure-ad-multi-factor-authentication

· 1

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

vipulsparsh-MSFT · Jun 12, 2020 at 05:36 AM

@RobertCook-1200 If the solution provided by Tkujala helped you, please "Mark as Answer" and "Up-Vote" for the answer that helped you for benefit of the community.

0 ·

Answer 1 · 2020-06-09T17:24:57.983Z

TKujala answered · Jun 09, 2020 at 05:24 PM

Yes, it is possible.

Here you will find more information how to configure token lifetimes.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes

· 1 ·

10 |1000 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SaurabhSharma-msft · Jun 12, 2020 at 09:00 PM

@RobertCook-1200 Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

0 ·

question