Azure authentication OTP?

I'm turning on two-step verification for Office365 and it is asking me to download the Azure Authentication app. I'd prefer to use 1Password to do the OTP.

Is this 1.5 year old post still accurate? Can I use 1Password's TOTP support for Azure yet?

https://discussions.agilebits.com/discussion/50848/does-office365-login-with-2-factor-authentication-require-microsoft-authenticator-app

TIA


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hello @akaman,

    That information is still correct. We only support RFC 6238 which people will more commonly associate with the Google Authenticator app. We did have a feature request but I see it has been closed as iOS does not have a SDK that would allow us to support it. If this is accurate it means that even if there was demand the blocking issue is we cannot support it. It looks like you'll have to use their own authentication app I'm afraid.

    ref: OPI-2495

  • akaman
    akaman
    Community Member

    I did more testing and I found that there is a way to set up 1Password! If you select "Authenticator App"(?exact wording?) instead of phone SMS, then you get a QR code. This is NOT the one you want. This sets up the MS Authentication app. There is small text that says something like "set up without notifications". Click this. You get a different QR code and also the "abcd kdhd kdks kake" type of secret key. This QR code scan correct into 1Password.

    So you want to set it up for App but WITHOUT notifications (push notifications that would come for Allow/Deny messages to MS Authenticator app).

    Hope this helps others.

  • matthew_ag
    matthew_ag
    1Password Alumni

    Hey @akaman,

    Thanks for figuring that out, it's great to know there's a workaround others can use :chuffed: :+1:

    Best regards,
    Matthew

  • makip
    makip
    Community Member

    Hello - same here. I would prefer to use 1Password to manage all my logins with 2FA / OTP, but the Office 365 QR code is rejected by 1Password (I assume MS is requiring their own Authenticator app?)
    Could you please give us an update on what you know? Will it be possible to support O365 / Azure OTP, or is it a lost cause?

  • Hi @makip,

    Is akaman's post just above not helpful in bypassing Microsoft's own authenticator app?

  • makip
    makip
    Community Member

    Ha - looks like my use of a Safari content blocker prevented me from properly seeing all the forum posts. Thanks for the follow-up, and yes I can confirm that using this modified setting (a code generated, instead of a push notification) does produce a scannable QR code that produces an RFC 6238 compliance code.
    Regards, Maki

  • Hello @makip,

    Content blockers eh? :lol: They're a bit like spam filters, great as long as it doesn't create a false positive and block something you really don't want it to. Glad to hear that helps.

  • otter311
    otter311
    Community Member

    Just followed @akaman 's instructions and it worked. I set it up on my mac using chrome and the current 1Password version.
    After you click configure app, right next to the QR code is a link that says configure without notifications. If you click that the QR code will change and then 1Password can parse it and registers it successfully.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Great to hear their post helped :smile:

  • robincarpels
    robincarpels
    Community Member

    Please do note that your system administrator needs to allow you to use this method. The use of a mobile app or hardware key needs to be enabled in order to make this work. This is a global setting in the admin preference pane on the office 365 portal.
    I had to ask our sys admin to enable this setting.

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Thank you for posting that @robincarpels :smile: Details like that are always useful to know.

  • daniel110928
    daniel110928
    Community Member

    Thanks @akaman! Love to see this info on the OTP support page. :)

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    The information probably deserves to be recorded somewhere but I'm not sure we want to use that page. Ideally that page will be kept clean and simple for those sites that fully support this form of 2FA with having to wrangle with the site. This thread does contain good information though and we don't want to lose that.

  • aporcano
    aporcano
    Community Member

    This post is solid gold. Thank you. Spent an hour banging my head against the wall until I found this.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Glad that helped! I've also encountered some other sites recently that do a similar thing where they give you a QR code that is, in fact, to download their own app, rather than for generating authentication codes. :)

This discussion has been closed.