Azure AD + 3rd Party MFA via Azure AD Custom Controls

  • Question

  • Hi,

    How do you get an MFA Server on the list, as at present it seems to be restricted to RSA, Duo and Trusona?

    Or when will you open up support for the general MFA providers, and/or provide the information that will allow another vendor to integrate in the same fashion?

    Reason: We have a very large customer we are working on with their whole of Staff UAM 2FA upgrade. They are looking at both on-premise and cloud options, but require the 2FA to be on-premise. Azure’s approach with ADFS will be restrictive as compared to AWS and GCP’s approach, especially as the incumbent 2FA solution supports standards and pseudo standards (OIDC, OAuth 2.0, RADIUS, LDAP and APIs).

    Kind Regards,


    Wednesday, March 7, 2018 12:39 AM

All replies

  • There are some Third-Party tokens that are tested and supported by Azure MFA, which include Gemalto IDProve, Deepnet Security, SafeId OATH tokens and the SafeNet OATH time-based token.

    You may drop your feedback on the Azure Feedback Portal on the same.

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.

    Wednesday, March 7, 2018 7:44 AM
  • We want to implement our own MFA provider for our Azure users. How can we define a totally new MFA provider? We don't want to use predefined ones like Duo, RSA.
    Wednesday, May 16, 2018 1:22 PM
  • This is not an answer, as it does not tell me how I configure to use my own authentication server and not one of the pre-defined ones - please un-mark as answered
    Sunday, May 20, 2018 3:05 AM
  • If you look at the 2017 article that first announced the capability https://blogs.technet.microsoft.com/cbernier/2017/10/16/azure-ad-3rd-party-mfa-azure-ad-custom-controls/

    you can see that the custom control is just JSON code that lays out the format of the request and a publicly accessible endpoint to send that request to. To get other MFA providers into the list, the 3rd party MFA provider would need to work with the Microsoft Azure AD product group and provide that information, and then work to test and validate that it works. I would imagine that the PG works on providers based on end user demand and the commitment from that provider of resources to work on it. As far as HOW that relationship happens, not sure, but any vendor that is a MS Partner probably has established channels to make that happen.

    Tuesday, November 5, 2019 3:47 PM