| Info |
|---|
OOBA (Out-of-Band Authentication) is performed through a separate channel. DualShield follows RFC 8176 and includes mca in the amr claim of the id_token. However, Entra ID currently accepts only otp, so the following customization is required. Otherwise, it may report the error: Failed to validate external id_token: 'amr' claim has unexpected value. |
If you plan to authenticate using Out Of Band Push Authentication, then please configure AMR as follows..
In DualShield Admin Console, navigate to SSO > VendorVendors..
Click the context menu of "Microsoft" and select "AMR"
...
Click the down arrow to the right of the "AMRsVendor Specific AMR" list box
Select "swkand select "otp" from the list
Click "SAVE"