

All the NPS Extension does is look to make sure the User has strong Authentication methods configured (Registered) and prompt the user. Then she/he/they needs to select 'Profile > Authentication Methods'.

After that you are asked to set up MFA again for that organization when logging in. Thanks for your post! The NPS Extension doesn't look at or interact with Conditional Access policies. Let her/him/them go to your user account (Azure Active Directory > Users). When you are completely locked out of the tenants you are guest in, because you lost access to all your configured MFA options, what needs to be done is this:

Contact a global administrator of the organization you are guest in. With this extra MFA option you can reset the MFA options that are lost to you, through ''. If you have set multiple methods for MFA (like authenticator AND phone number) then you may be able to log in using the 'Sign in another way' option. This means you cannot reset your authenticator app by going to your profile as is suggested in the other answer. If you have only one MFA method set, and this method is lost to you, then as far as I know, you cannot join the guest organizations that you need to reset the MFA for. Don't forget to delete the registration for your old phone too. This should get you to this page in the guest tenancy:

From there you should see options to (re)setup your Authenticator app (scan the QR code etc.). On the profile page, right hand side, you should see 'Additional Security Verification'. When the page reloads, now you should find the 'My Profile' link under your badge. If you don't see 'My Profile', use the ellipsis (...) and select to leave the 'new experience'. Now, in the guest tenancy, select your badge again, and select 'My Profile'. At this point if you don't have access to the current MFA authenticator device you will need to use 'login another way' to use SMS MFA for this login.


Select the profile badge for you (circle, top right), and select 'Switch organisation' to log into the guest tenancy you want to reconfigure. Login to using your 'normal' tenancy credentials. This is based on what linked to above ( ), but expanded out a bit as I struggled to follow it as written.

BTW I recommend doing all this in a private/incognito window, to be sure you know what you are logged in as. Provided you still have access to the original MFA device, or originally configured to also allow SMS MFA login, these instructions worked for me.
