How to bulk activate OATH hardware tokens with Azure MFA

Token2 RD
1 min readAug 31, 2020

--

Bulk activate OATH hardware tokens with Azure MFA

The current process to activate an OATH token with Azure MFA is cumbersome, error-prone and needs Global Administrators (GA) valuable time. Just imagine all GA’s time required for OATH token registration and activation, if an organization have 10000+ users who have to use OATH tokens.

Token2 has developed a solution to automate the activation of imported hardware tokens with Azure MFA. This is a PowerShell based solution that uses the same CSV file used to import the OATH tokens to Azure MFA. Instead of manually entering the OTP code generated on the hardware token, the solution uses the CSV file to calculate the current OTP using the secret of each token and submits it directly to Azure MFA endpoint via an HTTPS request.

The process takes around 1–2 seconds per user/token (depending on your internet connectivity and the endpoint’s current performance).

The video below shows how a solution developed by Token2 engineers allows to bulk activate hardware tokens uploaded to Azure MFA.

The solution is currently being used internally, but we can provide the source code to our existing customers if needed.

Token2 Azure OATH Tokens bulk activation solution is available here.

--

--