Deepnet SafeID OTP hardware token is one of OATH-compliant tokens officially supported by Azure MFA on-premises server and Azure MFA cloud service. It has been widely used by Azure AD customers.
The latest version of Azure MFA Server now supports two ways of importing hardware tokens: batch import from a CSV file or manual entry.
Importing Tokens from a File (Batch Import)
All newly imported token will now be listed in the OATH Tokens list:
Adding Tokens Manually (Single Entry)
To add an OATH token:
You will be prompted to synchronize the token
If the token is successfully imported, it will list in the OATH Tokens list:
Hardware tokens must be uploaded to Azure MFA service in a comma-separated values (CSV) file. Deepnet SafeID or MobileID tokens are supplied with a CSV file that includes serial number, secret key, time interval, manufacturer, and model as the example below shows.
Token Seed File
Azure MFA requires one extra information to be added into the CSV file: the user principal name (UPN) of each token. Therefore, you need to edit the CSV file in the text editor or Excel, and add an UPN to each of the tokens, as the example below shows.
Token Seed File
Now, sign in to the Azure portal and navigate to Azure Active Directory, MFA Server, OATH tokens
Select "Upload" to upload the CSV file.
Depending on the size of the CSV file, it may take a few minutes to process. Click the Refresh button to get the current status. If there are any errors in the file, you will have the option to download a CSV file listing any errors for you to resolve.
Once any errors have been addressed, the administrator then can activate each key by clicking Activate for the token to be activated and entering the OTP displayed on the token.
At the login screen, if the method “use a verification code from app” is not displayed, then the user needs to choose “Sign in another way”
Enter an OTP generated from the token in the screen bellow.
Once the OTP has been verified successfully, the user will be granted access.
Set Default Verificaftion Method
If the user just needs to use the OTP from the token as the default, then they can go to aka.ms/mfasetup and change their default method to “use verification code from app”. This will take the user to the Enter code above as a default.
Login to aka.ms/mfasetup. The user will be asked to verified by a text message or voice call.
The system will verify the phone number with a voice call and the user needs to hit # to verify the call.
Once the user is verified, and the rest of the registration process is complete, the user needs to go back to AKA.ms\mfasetup and make sure the token shows in the profile, (see below).
Now, tick the "Authenticator app" option. Then, under "what's your preferred option?", select "Use verification code from app" as the default verification option. (Azure MFA treates the token hardware tolken the same as the app).
Deepnet also supplies a USB key, Deepnet SafePass, and a software token, Deepnet MobileID, that are also supported by Azure MFA.