The following are the pre-requirements to complete this configuration:
* Please do not forget to send your public GPG/PGP key when requesting the CSV - this will ensure the sensitive data is not sent over insecure channels (most email systems are still using insecure protocols). You will only need to modify the usernames (UPN column) - please use a plain text editor, not spreadsheet editors like MS Excel as it may break the format.
The CSV file sent by Token2 does not contain the UPN for your users, so you have to add that information. Open the file in a text editor and add the missing information. The final file should look like shown below:
upn,serial number,secret key,timeinterval,manufacturer,model firstname.lastname@example.org,60234567,1234567890abcdef1234567890abcdef,30,Token2,c101
Navigate to Azure Portal > Azure Active Directory > MFA Server > OATH tokens and click on Upload, then select your CSV file.
In case the CSV file format is not correct you will get an error
If the upload is successful, click on "Refresh" button to see the list of tokens on the same page.
You should activate the tokens one by one. To proceed with activation click on Activate link on the last column. Enter the 6 digit OTP code shown on the token (yes, you have to have access to the token) and click on "Verify"
If the OTP is accepted by the MFA server, a message saying "Successfully activated the selected OATH token" will be displayed and the user will have a checkbox in the Activated column.
Once OATH token is activated and set as the default MFA method, users can use it to log in. Please note that the login page will still ask for "authenticator app" code on the login page, but the OTP generated by the hardware token will for sure be accepted without any issues.