Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

User Enrollment and Self-Management

Published: May 20, 2013

Updated: February 21, 2014

When users are set up by their administrators to use Azure Multi-Factor Authentication for multi-factor authentication with their systems, they will often be sent an email. If the administrators know the users’ phone numbers or were able to import the phone numbers into the Azure Multi-Factor Authentication Server from their company’s directory, the email will let users know that they have been configured to use Azure Multi-Factor Authentication, provide some instructions on using Azure Multi-Factor Authentication and inform the user of the phone number they will receive their authentications on. The content of the email will vary depending on the method of authentication that has been set for the user (e.g. phone call, SMS, mobile app). If the user is required to use a PIN when they authenticate, the email will tell them what their initial PIN has been set to. Users are usually required to change their PIN during their first authentication.

If users’ phone numbers have not been configured or imported into the Azure Multi-Factor Authentication Server, or users are pre-configured to use the mobile app for authentication, they will receive an email that lets them know that they have been configured to use Azure Multi-Factor Authentication and will direct them to complete their account enrollment through the Azure Multi-Factor Authentication User Portal. A hyperlink will be included that the user clicks on to access the User Portal.

When the user clicks on the hyperlink, their web browser will open and take them to their company’s Azure Multi-Factor Authentication User Portal.

The user logs in to the User Portal with their internal directory username and password and clicks the Log In button. They are then taken to the Azure Multi-Factor Authentication User Setup page. Depending on how the administrators have configured Azure Multi-Factor Authentication, the user may be able to select their authentication method. If they select the Voice Call authentication method or have been pre-configured to use that method, the page will prompt the user to enter their primary phone number and extension if applicable. They may also be allowed to enter a backup phone number. If the user is required to use a PIN when they authenticate, the page will also prompt them to enter a PIN. After entering their phone number(s) and PIN (if applicable), the user clicks the Call Me Now to Authenticate button. Azure Multi-Factor Authentication will perform a phone call authentication to the user’s primary phone number. The user must answer the phone call and enter their PIN (if applicable) and press # to move on to the next step of the self-enrollment process.

If the user selects the SMS Text authentication method or has been pre-configured to use that method, the page will prompt the user for their mobile phone number. If the user is required to use a PIN when they authenticate, the page will also prompt them to enter a PIN. After entering their phone number and PIN (if applicable), the user clicks the Text Me Now to Authenticate button. Azure Multi-Factor Authentication will perform an SMS authentication to the user’s mobile phone. The user must receive the SMS which contains a one- time-passcode (OTP) and reply to the message with that OTP plus their PIN if applicable) to move on to the next step of the self-enrollment process.

If the user selects the Mobile app authentication method or has been pre-configured to use that method, the page will prompt the user to install the Azure Multi-Factor Authentication app on their device and generate an activation code. After installing the Azure Multi-Factor Authentication app, the user clicks the Generate Activation Code button. NOTE: In order to use the Azure Multi-Factor Authentication app, the user must enable push notifications for their device.

The page then displays an activation code and a URL along with a barcode picture. If the user is required to use a PIN when they authenticate, the page will also prompt them to enter a PIN.

The user enters the activation code and URL into the Azure Multi-Factor Authentication app or uses the barcode scanner to scan the barcode picture and clicks the Activate button.

After the activation is complete, the user clicks the Authenticate Me Now button. Azure Multi-Factor Authentication will perform an authentication to the user’s mobile app. The user must enter their PIN (if applicable) and press the Authenticate button in their mobile app to move on to the next step of the self-enrollment process.

If the administrators have configured the Azure Multi-Factor Authentication Server to collect security questions and answers, the user is then taken to the Security Questions page. The user must select four security questions and provide answers to their selected questions.

The user self-enrollment is now complete and the user is logged in to the User Portal. Users can log back in to the User Portal at any time in the future to change their phone numbers, PINs, authentication methods and security questions if allowed by their administrators.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.