In this article
Definitions
Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application or an online account.
Temporary Access Pass (TAP) a time-limited passcode issued by an admin that satisfies strong authentication requirements.
Guide Topic
HelpDesk and Technicians will apply a Temporary Access Pass (TAP) to Azure accounts for users who have misplaced their mobile devices and for students who do not have a mobile device to satisfy the MFA requirements.
Students and others who do not want to use their mobile device can also request a TAP. Temporary Access Passes are good for 30 days at which time the user will need to call the 24/7 Helpdesk requesting a new TAP be applied to their account
The Helpdesk and technician will follow the steps provided in the document to assign a TAP.
1. Assign a Temporary Access Pass
2. Add student Azure account to the Azure group VDI-MFA-FOB.
-
You will add the student Azure accounts to the VDI-MFA-FOB group until October 2023 after which this process will no longer be necessary.
-
On October 13, 2023, ALL students will be members of a Conditional Access Policy which will make MFA standard.
Adding Temporary Access Pass (TAP) to an Azure Account
The Helpdesk or technician will receive a phone call requesting a Temporary Access Pass
Open the azure portal https://portal.azure.com/ using your Azure credentials.
1. Choose Azure Active Directory.
2. Choose Users.
3. Choose All Users – enter the name of the user in the Search box.
4. On the left choose Authentication Methods then on the top choose + Add authentication Method. Using the drop arrow choose Temporary Access Pass.
5. Choose the Activation Duration by moving the bar to the right. Then click Add.
-
Students who do not have a mobile device will receive the maximin duration 30 days.
-
Others will receive the amount of time that reflects their situation, they do not have their mobile device at work 8-10 hrs, replacing phone multiple days.
-
The Activation Duration is in minutes.
-
8 hours = 480 minutes
-
24 hours = 1440 minutes
-
30 days = 43,200 minutes
6. This screen provides the 8-digit Temporary Access Pass and valid date with time.
-
Ask the user for an email address to send the TAP and expiration date/time.
-
Verbally tell the user the 8-digit TAP and the expiration date/time.
-
Email the information shown in this screen to the user. Be sure the passcode is legible.
You will now see the assigned Temporary Access Pass with its expiration date shown below.
Adding student accounts to the Azure group VDI-MFA-FOB
On October 13, 2023, TCC will activate MFA for ALL students. At that time we will no longer add students to the VDI-MFA-FOB group.
1. Choose Groups – All Groups enter group name VDI-MFA-FOB. Click VDI-MFA-FOB
2. Add the student to the VDI-MFA-FOB group.
3. Enter the student’s name, check the box next to the name found then click Select.
Click “Refresh” – you should see the student’s name that you just entered.