| Info |
|---|
OOBA (Out-of-Band Authentication) is performed through a separate channel. DualShield follows RFC 8176 and includes mca in the amr claim of the id_token. However, Entra ID currently accepts only otp, so the following customization is required. Otherwise, it may report the error: Failed to validate external id_token: 'amr' claim has unexpected value. If you plan to authenticate using Out Of Band Push Authentication, then please configure AMR as follows.. In DualShield Admin Console, navigate to SSO > Vendor |
Click the context menu of "Microsoft" and select "AMR"
...