Enable TAP at the tenant level
The Temporary Access Pass (TAP) policy in Azure enables this authentication method for users and groups and can be used to login to Web Apps or Desktop. The TAP method is recommended for new or existing users to login to a new device without requiring a password. The TAP has a limited validity period, and it takes precedence over any other method of authentication. It is also recommended to issue multi-use TAP but delete it after the user is successfully enrolled in the Passwordless login method for desktop and Web SSO. After you complete the following steps, your tenant will be configured to support the TAP Authentication method.
- Sign in to the Azure portal using an account with global administrator permissions.
- Search for and select Azure Active Directory (Entra ID), then choose Security from the menu on the left-hand side.
- Under the Manage menu header, select Authentication methods > Policies.
- From the list of available authentication methods, select Temporary Access Pass.
Set up Temporary Access Pass for Users
After you enable a tenant-level TAP policy, as explained in earlier steps, you can create a Temporary Access Pass for a user in Azure AD. These roles can perform the following actions related to a Temporary Access Pass.
- Global Administrators can create, delete, and view a Temporary Access Pass on any user (except themselves)
- Privileged Authentication Administrators can create, delete, and view a Temporary Access Pass on admins and members (except themselves)
- Authentication Administrators can create, delete, and view a Temporary Access Pass on members (except themselves)
- Sign in to the Azure portal as either a Global administrator, Privileged Authentication administrator, or Authentication administrator.
- Select Azure Active Directory, browse to Users, select a user, then choose Authentication methods.
- Select the option to Add authentication methods.
- Below Choose a method, select Temporary Access Pass.
- Define a custom activation time or duration and select Add. (1 hour preferable)
- Once added, the details of the Temporary Access Pass are shown.
-
Make a note of the actual Temporary Access Pass value. You provide this value to the user via personal email, work email (if accessible via an existing device), SMS, phone, or in person.
Note: You can't view this value after you select Ok.
Please refer to this link for additional information on Temporary Access Pass.
Comments
0 comments
Please sign in to leave a comment.