Assign a "Temporary Access Pass" to an Azure account

In this article

• Definitions
• Guide Topic
• Adding Temporary Access Pass (TAP) to an Azure Account
• Adding student accounts to the Azure group VDI-MFA-FOB

Definitions

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application or an online account.

Temporary Access Pass (TAP) a time-limited passcode issued by an admin that satisfies strong authentication requirements.

Guide Topic

HelpDesk and Technicians will apply a Temporary Access Pass (TAP) to Azure accounts for users who have misplaced their mobile devices and for students who do not have a mobile device to satisfy the MFA requirements.

Students and others who do not want to use their mobile device can also request a TAP. Temporary Access Passes are good for 30 days at which time the   user will   need to call the 24/7 Helpdesk requesting a new TAP be applied to their account

The Helpdesk and technician will follow the steps provided in the document to assign a TAP.

1. Assign a Temporary Access Pass

• To any student who does not have a mobile device to use for MFA compliance.

  • The assigned TAP will be for 30 days.

• To any user who has misplaced their mobile device and needs a TAP.

  • The assigned TAP will be based on the users situation. Normally for 8-10 hours until they are home or if they are replacing their mobile device, we can assign a TAP for up to 30 days.

2. Add student Azure account to the  Azure group VDI-MFA-FOB.

• You will add the student Azure accounts to the VDI-MFA-FOB group until October 2023 after which this process will no longer be necessary.

• On October 13, 2023, ALL students will be members of a Conditional Access Policy which will make MFA standard.

Adding Temporary Access Pass (TAP) to an Azure Account

The Helpdesk or technician will receive a phone call requesting a Temporary Access Pass

Open the azure portal https://portal.azure.com/ using your Azure credentials.

1. Choose Azure Active Directory.

  2. Choose Users.

   3. Choose All Users – enter the name of the user in the Search box.

• Click the user’s name to open their Azure account.

• 

4. On the left choose Authentication Methods then on the top choose + Add authentication Method. Using the drop arrow choose Temporary Access Pass.

• Delete any expired Temporary Access Passes.
  

5. Choose the Activation Duration by moving the bar to the right. Then click Add.

• Students who do not have a mobile device will receive the maximin duration 30 days.

• Others will receive the amount of time that reflects their situation, they do not have their mobile device at work 8-10 hrs, replacing phone multiple days.

• The Activation Duration is in minutes.

  • 8 hours = 480 minutes

  • 24 hours = 1440 minutes

  • 30 days = 43,200 minutes
    

            6. This screen provides the 8-digit Temporary Access Pass and valid date with time.

• Tell the students that the TAP is good for 30 days in which time they will need to call the Helpdesk to receive a new Temporary Access Pass.

• Ask the user for an email address to send the TAP and expiration date/time.

  • The user cannot use a TCC EMAIL ADDRESS TO RECEIVE THE TAP INFORMATION.

• Verbally tell the user the 8-digit TAP and the expiration date/time.

• Email the information shown in this screen to the user. Be sure the passcode is legible.

Adding student accounts to the Azure group VDI-MFA-FOB

On October 13, 2023, TCC will activate MFA for ALL students. At that time we will no longer add students to the VDI-MFA-FOB group.

1. Choose Groups – All Groups enter group name VDI-MFA-FOB. Click VDI-MFA-FOB

2. Add the student to the VDI-MFA-FOB group.

• Choose Members located to the left.

• Click Add Members located at the top.

Click “Refresh” – you should see the student’s name that you just entered.