Cezanne HROther ArticlesSingle Sign-On SAML 2.0 SetupAzure SSO - Configure Multi Factor Authentication

Azure SSO - Configure Multi Factor Authentication

Note:

  • Making MFA changes to Azure may incur extra cost from Microsoft depending on implementation.
  • It will also affect user experience as MFA is not application specific and applied to the user. This may mean logging into other application and computers will require an MFA code to login.
  • MFA codes may not appear every time for logging in. They have an expiry time associated with them.

To enable MFA on a user:

  1. Click the ‘Manage Multi-Factor Auth’ button in the azure active directory you are using for SSO:
  1. A new window will open listing the users and their Multi Factor Authentication status
  2. Select the users you wish to have MFA enabled for and then click the ‘enable’ option in the quick steps panel.
  1. You will be prompted with a message telling you about MFA. Click ‘enable multifactor auth’ to proceed.
  1. If done successfully click the ‘close’ button.
  2. When your user logs in using their username and password they will be asked to configure their MFA device. Click the ‘Set it up now’ to proceed.
  1. From here you can configure the MFA as your organisation wishes. A basic setup would be:
  • Selecting the ‘Authentication Phone’ and entering a mobile number and choosing the ‘Send me a code by test message’. This will require a text message to be sent to the number for the SSO to complete.
  • Click the ‘contact me’ option to retrieve the first verification code and enter it into the new box that appears on the screen.
  • Once verified click the ‘Finished button’ and the user will now have their MFA device configure for 2 factor authentication.
  1. You can now try to login to Cezanne On Demand
  2. After inputting your user credentials (This may be applied at a domain level) It will propt you for a verification code. Please enter it and sign in.
  1. Provided the user is setup in Cezanne and configure for SSO they should now be logged in.