SALES: 1-800-867-1380

Administering Azure Multi-Factor Authentication Providers

Published: May 20, 2013

Updated: September 23, 2014

The following sections provide information on creating and managing a Azure Multi-Factor Authentication Provider.

To begin using Multi-Factor Authentication, you first need a Azure subscription. To obtain a Azure subscription, see Azure Free Trial

The following procedure will guide you through creating an Multi-Factor Authentication Provider.

ImportantImportant
Multi-factor authentication is available by default for global administrators who have a Azure Active Directory tenant. However, if you wish to extend multi-factor authentication to all of your users and/or want to your global administrators to be able to take advantage features such as the management portal, custom greetings, and reports, then you must purchase and configure an Multi-Factor Authentication Provider.

  1. Log on to the Azure Portal as an Administrator.

  2. On the left, select Active Directory.

  3. On the Active Directory page, at the top, select Multi-Factor Authentication Providers. Then at the bottom, click New.

  4. Under App Services, select Active Auth Providers, and select Quick Create.

  5. Fill in the following fields and select Create.

    1. Name – The name of the Active Auth Provider.

    2. Usage Model – The usage model of the Multi-Factor Authentication Provider.

      • Per Authentication – purchasing model that charges per authentication. Typically used for scenarios that use the Azure Multi-Factor Authentication in an application.

      • Per Enabled User – purchasing model that charges per enabled user. Typically used for scenarios such as Office 365.

      For additional information on usage models, see Azure pricing details.

    3. Directory – The Azure Active Directory tenant that the Multi-Factor Authentication Provider is associated with. Please be aware of the following:

      • You do not need an Azure AD directory to create a Multi-Factor Auth Provider.  This can be left blank if planning to use the Azure Multi-Factor Authentication Server or SDK only.

      • You will need to associate the Multi-Factor Auth Provider with an Azure AD directory if you wish to extend multi-factor authentication to all of your users and/or want your global administrators to be able to take advantage features such as the management portal, custom greetings, and reports.

      • DirSync or AAD Sync are only a requirement if you are synchronizing your on-premises Active Directory environment with an Azure AD directory.  If you only use an Azure AD directory that is not synchronized with an on-premises instance of Active Directory, you do not need DirSync or AAD Sync.

  6. Once you click create, the Multi-Factor Authentication Provider will be created and you should see a message stating: Successfully created Multi-Factor Authentication Provider. Click Ok.

The following procedure will guide you through deleting a Multi-Factor Authentication Provider.

  1. Log on to the Azure Portal as an Administrator.

  2. On the left, select Active Directory.

  3. On the Active Directory page, at the top, select Multi-Factor Authentication Providers.

  4. Select the Multi-Factor Authentication Provider that you want to delete and click Delete.

  5. Confirm that you want to delete the Multi-Factor Authentication Provider.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft