Multi-factor Authentication

In today’s online environment, the rudimentary “username and password” approach to security is easy prey for cyber criminals.

Many log-ins can be compromised in minutes, and private data (such as personal and financial details) is under increasing threat.

Multifactor authentication (MFA) is a security system which adds another layer of security that requires an additional security layer for your business in which a user is granted access only after successfully presenting at least two or multi-factor authentication mechanism. This authentication method can be easily summed up as a combination of "something you have and something you know”.

A common example of this is having a password and a one-time password (OTP) or PIN that is provided via software on your smart phone or via a text message. Without having both pieces of information, a user would not be able to log in successfully. Many organizations today offer MFA, including Google, PayPal and most financial institutions.

In addition to the username and password authentication, JSDN platform also supports additional security measures against repeated login failures. After a predefined number of failed attempts, JSDN implements additional security measures like captcha to prevent any brute force security threat. The framework further enhanced to support other security measures like security questions, OTP, Authorization code etc.

You need to have the following handy to generate Authorization code, whenever someone order for a Microsoft Services:

Obtain CSP Domain and Native App ID

Below are the steps to capture CSP Domain and Native App ID from Microsoft Partner Centre portal:

  1. Ensure that your browser cache and cookies have been cleared or use browser incognito mode.
  2. Launch http://partnercenter.microsoft.com/.
  3. Login with CSP admin credentials.
  4. Click Dashboard.
  5. Click the Settings icon (top right corner)

  6. Select Partner settings option from the drop-down list.

  7. From the Partner profile page, select App Management option.

  8. Capture the Domain value, under Web App this is the CSP Domain.

  9. Scroll down to Native App and capture the App ID value.

Now that you have the CSP Domain Name and the Native App ID the next step is to capture the Redirect URI

Obtain Redirect URI

Steps to be followed to capture Redirect URI

  1. Ensure that your browser cache and cookies have been cleared or use browser incognito mode.
  2. Login to Azure portal using the partner user admin agent.
  3. Navigate to Azure Active Directory > App Registrations page.
  4. Search in section ‘All Apps’ for the ‘Native App ID’ (Steps to find Native App ID is given above)

  5. Click on the resulting app.
  6. Click Settings.

  7. Click Redirect URLs and capture the Redirect URI which will be used to generate authorization code.

Now that we have all the three values captured CSP Domain, Native App ID, and Redirect URI.

  1. Let's replace the values captured in the below mentioned URL.

    https://login.microsoftonline.com/<<csp domain>>/oauth2/authorize?client_id=<<client_id>>&response_type=code&redirect_uri=<<redirect_uri>>&response_mode=query&resource=https://graph.microsoft.com.microsoft.com&state=12345

    Replace <<csp domain>> with csp domain.

    Example: example.onmicrosoft.com

    Replace <<client_id>> with Native App ID added in the partner credentials.

    Example : 4623ca39-e9fa-4f7e-8334-d5add4c71422

    Replace <<redirect_uri>>with the Redirect URI, where the authorization code will be sent back in browser.

    Example: http://localhost:8080

    Here is a sample URL that we have constructed using the above examples :

    Sample url:

    https://login.microsoftonline.com/cspsandbox25.onmicrosoft.com/oauth2/authorize?client_id=4623ca39-e9fa-4f7e-8334-d5add4c71422&response_type=code&redirect_uri= http://localhost:8080&response_mode=query&resource=https://graph.microsoft.com.microsoft.com&state=12345

  2. Ensure that your browser cache and cookies have been cleared or use browser incognito mode.
  3. After sign-in, authorization code will be sent back to the entered redirect_uri.

  4. Copy the higlighted content (from the below sample url) in the browser or to a text editor.

    Here is an Example :

    http://localhost:8080/?code=AQABAAIAAACEfexXxjamQb3OeGQ4GugviODwY4_IIR55HQ_T0ePZdJ7b8YKr4nAoaOO84fC4pihKlf7c-FRPsolLcwoUyQUnceEbE81xg8qnMg2qDgwn29ozcluaVEeC47Xf-kDq_mb19_skS0ZkyKIHZaChcvbgrsxkQ-tIM4ZjN9Rp_XgO8VtSHCrLk1iZfaur3y0FHr48VjpMZZkwpGL45vU_HAycgH1zvz6Gx5vvjXXtwx2QzSh6rxuMvKYxI4kUyPtc_-GH-IIZkCpxb356ZB4AbkYT5c7C-E7koKtMSuIngjv-PdBPQ8C1XWotcgS31Gp8vWArs_qQEX0XHUgzEJHhUNvm8apg9pRv2ZS8R5pgNngW4Dkrms5ELN8O9u_iKrKriszawdPUavf6UtkRf8pSZgvYTO2DdXj9otkkRWYnL8_k018UMr0Opvm62wCfQm7FjSUXkWVLsK_CPceMfKKeiUttvkYp2h4EoD8kb2_XbMbRVeERuwfb_S-77rl3shF6F6WezzWmsFUT5Qt0MEHG7FB7vLhypL-56rbqT0oHr9Pyy9D_zciH9g4o1oQlx01vohk049r_0gPQv_yPiQFmk3QBIAA&state=12345&session_state=1d7b2681-6a60-40ef-a649-8303377231bd

  5. Copy the code in the URL, which is the Authorization Code.This Authorization code needs to be entered on JSDN Partner credentials page for MSCSP Services.

Follow the below steps to map MSCSP credentials on JSDN.

  1. Login to marketplace as marketplace admin
  2. Navigate to Administration > Service management > Click the Edit partner credentials icon of any MSCSP SAAS service or Azure CSP service.
  3. Enter captured Authorization code and redirect URI along with the other credentials and click Save.