Classic hardware tokens for Office 365 / Azure cloud Multi-factor authentication

Azure AD supports OATH-TOTP SHA-1 tokens of the 30-second or 60-second variety (currently in public preview). We have tested our tokens (all of them OATH-TOTP SHA-1, 30-second, 6 digits) with Azure MFA in the cloud and can confirm they are all supported.


Requirements

The following prerequisites are needed to complete this configuration:

  • Azure AD Premium P1 or P2 license
  • Token2 hardware token(s)
  • A CSV file for your token device(s). You will receive an email with the CSV once you confirm the delivery*

Please do not forget to send your public GPG/PGP key when requesting the CSV - this will ensure the sensitive data is not sent over insecure channels (most email systems are still using insecure protocols).


Prepare the CSV file

The CSV file sent by Token2 does not contain the UPN for your users, so you have to add that information. Open the file in a text editor and add the missing information. The final file should look like the example below:

upn,serial number,secret key,timeinterval,manufacturer,model
gulnara@token2.onmicrosoft.com,60234567,1234567890abcdef1234567890abcdef,30,Token2,c101

Make sure you include the header row in your CSV file as shown above. Also, please do not edit the CSV file in Excel; use a text editor (Notepad) instead.
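The merge described above can also be scripted rather than typed by hand, which lets the file be checked before upload. The following Python is an added example, not code from Token2 or Microsoft; it assumes the vendor file carries the five non-UPN columns under the header names shown above, and `build_upload_csv` and the serial-to-UPN mapping are hypothetical names.

```python
import csv
import io

# Header row exactly as shown on this page.
HEADER = ["upn", "serial number", "secret key", "timeinterval", "manufacturer", "model"]

def build_upload_csv(vendor_csv, serial_to_upn):
    """Return upload-ready CSV text; raise ValueError on any inconsistency."""
    reader = csv.DictReader(io.StringIO(vendor_csv))
    missing = [c for c in HEADER[1:] if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"vendor file lacks columns: {missing}")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADER)
    seen = set()
    for row in reader:
        where = f"line {reader.line_num}"
        v = {c: (row.get(c) or "").strip() for c in HEADER}
        serial = v["serial number"]
        # Errors name the line and serial only; the secret key is never echoed.
        if not serial or serial in seen:
            raise ValueError(f"{where}: missing or duplicate serial {serial!r}")
        seen.add(serial)
        v["upn"] = v["upn"] or serial_to_upn.get(serial, "")
        if "@" not in v["upn"]:
            raise ValueError(f"{where}: no UPN assigned to token {serial}")
        if v["timeinterval"] not in ("30", "60"):
            raise ValueError(f"{where}: time interval must be 30 or 60")
        if not v["secret key"]:
            raise ValueError(f"{where}: empty secret key for token {serial}")
        writer.writerow([v[c] for c in HEADER])
    unused = sorted(set(serial_to_upn) - seen)
    if unused:
        raise ValueError(f"assignments for serials not in the file: {unused}")
    return out.getvalue()

# Constructed sample: the example row from this page plus a made-up second token.
VENDOR_CSV = """serial number,secret key,timeinterval,manufacturer,model
60234567,1234567890abcdef1234567890abcdef,30,Token2,c101
60234568,abcdef1234567890abcdef1234567890,30,Token2,c101
"""
ASSIGNMENTS = {
    "60234567": "gulnara@token2.onmicrosoft.com",
    "60234568": "user2@token2.onmicrosoft.com",  # hypothetical user
}

if __name__ == "__main__":
    print(build_upload_csv(VENDOR_CSV, ASSIGNMENTS), end="")
```

Because the output contains the token seeds, write it only to a location with restricted access and delete it after the upload.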


Import the CSV file

Navigate to Azure Portal > Azure Active Directory > MFA Server > OATH tokens and click on Upload, then select your CSV file.

If the CSV file format is not correct, you will get an error.

 

If the upload is successful, click the "Refresh" button to see the list of tokens on the same page.



Activating tokens

You should activate the tokens one by one. To proceed with activation, click the Activate link in the last column. Enter the 6-digit OTP code shown on the token (yes, you have to have access to the token) and click "Verify".


This dialogue window has some glitches: the "Activate" button is greyed out and the "Close" button on the top right has no icon. Both buttons work just fine when clicked.

If the OTP is accepted by the MFA server, a message saying "Successfully activated the selected OATH token" will be displayed and the user will have a checkbox in the Activated column.



Once the OATH token is activated and set as the default MFA method, users can use it to log in. Please note that the login page will still ask for an "authenticator app" code, but the OTP generated by the hardware token will be accepted without any issues.


For larger organizations, we recommend instructing users in remote offices to set up additional MFA methods alongside the hardware tokens. This ensures users can still log in if the hardware token is lost or damaged. Additional MFA factors, such as SMS or a mobile app, can be configured by users themselves on this page.


