Azure Active Directory MFA

Question

Our clients uses Azure AD for their operations and wanted to integrate the Azure AD MFA to our web app (PHP) for additional security. Is this possible without using the Microsoft Identity Platform (SSO)? I also cant seem to find a REST API for the Azure AD MFA. Any alternate options that I could use for implementing MFA? Some recommendations would be highly appreciated. Thank you.

Answer 1

If you have not already registered the php app in azure ad like below: Quickstart: app registration-general- Microsoft identity platform | Microsoft Docs

Go for app registration in azuread .

1. Set Redirect URI like https://your.domain.name/oauth.php
2. Copy the client ID and tenant ID, to paste in _OAUTH_TENANTID and _OAUTH_CLIENTID in config.inc.
3. In Certificates & secrets page copy the secret value by adding a new secret,which cannot be accessed later.So copy when created.
4. Paste this into _OAUTH_SECRET within config.inc. Make sure _OAUTH_METHOD contains 'secret'.

You can see detailed info in here in Katy's Tech Blog .

See PHP Azure AD login with demo site (using oAuth)-GitHub reference for code configuration details.

For including multifaction authentication**(MFA)** :

• You may Go to azure ad > enterprise apps and check for the app you have just registered and create a policy to include MFA Requirement which asks users for additional authentication with the methods you enables like sms, phone call etc

next

Or you can directly go for conditional access and select app required while creating access policy.

After all set up in conditional access, make sure to Enable policy and save ,to start authenticating with azure ad which requires MFA.

Also check references:

1. Azure AD authentication with PHP using Microsoft Graph. a single PHP page
2. Deployment considerations for Azure AD Multi-Factor Authentication | Microsoft Docs
3. Integrate Azure Multi-Factor-Authentication in website to authenticate its users - Stack Overflow