Mobile Phone App and Azure MFA Server

  • Question

  • I currently have directory sync enabled between my on-premise AD environment and Azure Active Directory, and also enabled multi-factor authentication on my profile. I installed PhoneFactor on my mobile device and am able to use it to verify my identity when logging into my O365 OWA account.

    I recently installed and configured the Multi-Factor Authentication Server to enable RADIUS requests for VPN connections, and have successfully tested MFA using the phone call method (when I connect via VPN client, I provide credentials, and receive a call to verify my identity, press # and connection is accepted).

    What I am having trouble doing is using the mobile app as a method for verification. When I try to connect, I immediately receive 'Login Failed,' and there are no indications in PhoneFactor for an authentication request.

    In the MFA Server logs, I see two entries:

    • No device configured for user 'Kevin@domain.com'
    • PfAuth failed for user 'Kevin@domain.com'. Call status: SKIPPED_USER_INCOMPLETE - "User lacks information required for phone auth".

    I have read guidelines on creating a user portal within my network for self-registration, but I was hoping I could just use the Azure-provided portal.

    Anyone have any ideas why this may be happening?

    Friday, January 2, 2015 5:23 PM

All replies

  • Hi,

    Thank you for your question.

    I am trying to involve someone familiar with this topic to further look at this issue.

    Regards,

    Mekh.

    Saturday, January 3, 2015 9:43 AM
  • Hi,

    It seems like this issue is more related to Azure Multi-Factor Authentication, so I will move this thread to the Azure Multi-Factor Authentication Forum for better help.
    Thank you for your understanding.

    Best Regards,
    Jambor



    Monday, January 5, 2015 2:28 AM
  • At present, the MFA Server user enrollment is completely separate from Azure AD. If you want to use the mobile app with the MFA Server, you need to install the User Portal so that users can generate activation codes and set their MFA method to mobile app. Also, for users to activate their mobile apps, you have to install the Mobile App Web Service, which communicates with the MFA Server via the Web Service SDK to validate the activation code generated in the User Portal. Here are links for installing the User Portal and Mobile App Web Service.

    https://msdn.microsoft.com/en-us/library/azure/dn394290.aspx

    https://msdn.microsoft.com/en-us/library/azure/dn394277.aspx?f=255&MSPPError=-2147217396

    Tuesday, March 17, 2015 4:15 PM
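
The two log entries quoted in the question can be triaged across many users to list who still has to activate the mobile app through the User Portal. This is an added example, not part of the original thread or of Microsoft's tooling; the message texts come from the question, while the timestamp prefix, the second user, `PLACEHOLDER_STATUS` and the function name `triage` are constructed for illustration.

```python
import re
from collections import defaultdict

# Message texts as quoted in the question. Anything before them on the line
# (timestamp, level) is ignored, since the page does not show the full format.
NO_DEVICE = re.compile(r"No device configured for user '([^']+)'")
PFAUTH_FAIL = re.compile(
    r"PfAuth failed for user '([^']+)'\. Call status: (\w+) - \"([^\"]*)\""
)

def triage(lines):
    """Group failures per user; return (report, users with no activated device)."""
    report = defaultdict(lambda: {"no_device": 0, "statuses": defaultdict(int)})
    for line in lines:
        m = NO_DEVICE.search(line)
        if m:
            # UPNs are case-insensitive, so fold case before grouping
            report[m.group(1).lower()]["no_device"] += 1
            continue
        m = PFAUTH_FAIL.search(line)
        if m:
            report[m.group(1).lower()]["statuses"][m.group(2)] += 1
    # Both entries together mean the mobile app method was selected for the
    # user but no device was ever activated against the MFA Server.
    needs_activation = sorted(
        user for user, r in report.items()
        if r["no_device"] and r["statuses"].get("SKIPPED_USER_INCOMPLETE")
    )
    return report, needs_activation

# Constructed sample lines (timestamps, alice and PLACEHOLDER_STATUS are made up)
SAMPLE = """\
2015-01-02 17:10:01 No device configured for user 'Kevin@domain.com'
2015-01-02 17:10:01 PfAuth failed for user 'Kevin@domain.com'. Call status: SKIPPED_USER_INCOMPLETE - "User lacks information required for phone auth".
2015-01-02 17:12:30 PfAuth failed for user 'alice@domain.com'. Call status: PLACEHOLDER_STATUS - "constructed message".
2015-01-02 17:15:44 No device configured for user 'kevin@domain.com'
2015-01-02 17:15:44 PfAuth failed for user 'kevin@domain.com'. Call status: SKIPPED_USER_INCOMPLETE - "User lacks information required for phone auth".
""".splitlines()

if __name__ == "__main__":
    report, needs_activation = triage(SAMPLE)
    for user in needs_activation:
        print(f"{user}: no activated device, {report[user]['no_device']} rejected attempts")
```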