IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
just wondering for any suggestions if there are any ways to leverage Azure MFA in IBM Security Verify Access (ISVA).
ISVA has the AAC poilcy which attached to SSO application resources.. when end user access any SSO apps, it prompts MFA for text message and voice. We use third party REST API end points for messaging and call back. Now we want to replace with azure MFA as we have enough licenses.
These users 1st factor authentication i.e. username/password is PTA to on-premise AD. OAuth/OIDC/SAML SSO apps are integrated in ISVA. Is there any complex or simplest way to utilize the azure MFA?
Any suggestions would be helpful.
Hey Bipin, As far as I've seen - Azure/Entra MFA doesn't have a published 'REST' based interface or any practical SDKs. All their integrations are either by OIDC or otherwise. As such, unfortunately - IMO integration outside of the Microsoft world is 'messy' and custom. I'm aware of a number of projects that have investigated this, but I'm not aware of a pattern used to achieve this consistently. You might consider migrating to Passkeys or similar - for a better user experience? And native capabilities in IBM Security Verify Access that don't consume/need Azure licenses.
Thank you Philip! We do have OOTB TOTP and IBM Verify Push notification. Was verifying if there are options to utilize. Initially I thought MSFT Graph QL API would be helpful but also did a check with MSFT and it won't work as per our requirement.