Checking out the new Azure AD Temporary Access Pass preview feature

Uncategorized

So, “Temporary Access Pass (Preview)” just popped out as an available authentication method in my demo tenant, and I figured this was something that needs investigation!

What is Temporary Access Pass?

I have known about this feature for a long time, and suddenly it is publicly available, however documentation is very lacking. Nothing on docs.microsoft.com, nothing on Google – LOVE IT 🙂

Temporary Access Pass is a way for administrators to create a kind of temporary password for user, that expires, that is super useful for onboarding new users and for aiding users resetting their account credentials. The Temporary Access Pass counts as a strong authentication method, allowing you to enroll into MFA, register SSPR etc..

After enabling the Temporary Access Pass feature, how do I create an access pass for a user? Apparently not on the “Add authentication method” screen:

This would have been a logical place to create a temporary access pass…

I know that the authentication methods Graph endpoints was recently updated, but I can find no information about Temporary Access Pass here either. Tried a few endpoints just for good measure:

Found it!

So, apparently the endpoint for Temporary Access Pass is /authentication/temporaryAccessPassMethods under users. Now, how do we create an access pass then? What I usually do is check for pending pull requests on GitHub, and guess what I found?

You cannot hide from me

I found this documentation here, showing how to create a new Temporary Access Pass!

Actually, it seems you do not need any parameters at all, as none are required. Let’s try it out:

POST https://graph.microsoft.com/beta/users/5d6b33db-3cba-4bf1-8978-c206b5f41128/authentication/temporaryAccessPassMethods

{}

Access Denied. Probably because I was missing the UserAuthenticationMethod.ReadWrite.All consent:

And would you look at that!

Now let’s try to sign in with the user:

This was new!

And I’m in!

The authentication method is still not listed under authentication methods in the Azure AD portal:

The user also cannot see the Temporary Access Pass under security info:

So, when will the announcement of the public preview be?

Published by Marius Solbakken

Published

2 thoughts on “Checking out the new Azure AD Temporary Access Pass preview feature

  1. Pingback: 一定期間だけ使えるパスワード ~ Azure AD一時アクセスパス | Always on the clock

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s