Multi-Factor Authentication support

[alexlushsevernunival]

Presume MFA is not currently supported (if it is then I can't log in using it). Can this be added?

[bramdejager]

Hi Alex, sorry at the moment MFA is not supported. I'll look at it and put it on the backlog ;-).

[s-KaiNet]

Actually you don't have to do anything specific for MFA support (at least for SharePoint Online):

1. Even with MFA you can use username\password authentication. You should create a new app password. To do that:
   • In the top right corner in SharePoint click on profile -> My Account -> Manage security and privacy -> Additional security verification -> Create and manage app passwords (in the bottom)
   • create new app password
   • use your login name as username and app password as password for SharePoint Client Browser

[alexlushsevernunival]

@s-KaiNet - Yes, that would be an acceptable workaround. Thanks.

[bramdejager]

@s-KaiNet thanks for that information. I did some searching and found the article on this from Microsoft. That should help out to get it up and running. Let me know if this works for you @alexlushsevernunival? Article on Microsoft docs: What are App Passwords in Azure Multi-Factor Authentication?

[alexlushsevernunival]

@bramdejager - Yes I was aware of App Passwords and this does indeed work fine to log into the tool. Its just a clunky way of working that requires an extra step for the user during the login. Always better to natively support MFA in the app if possible in my opinion.

[hellriser4]

please use PNP authentication Manager for your login. It will fix the multi factor authentication and your application will still function as it is not every environnements that allow App Password in their Azure. Alot of them consider it as a Security breach and is therefore not the best solution.

https://gist.github.com/vman/37bab1e1d700be238011f1de23a3e275

[MrTantum]

MFA has become a must have for SharePoint programs nowadays. Other community tools like SharePoint Search Query Tool already allow MFA.

Would be fantastic if you could add it.

[harveryang]

Along the same line as @hellriser4 and @MrTantum, some organization use group policy to turn off app password feature so the workaround doesn't work in that scenario. PNP authentication Manager seems to be the way to go for client side SharePoint development going forward. It would be fantastic if you can add MFA support to the tool. :)

[TazzyMan]

Actually you don't have to do anything specific for MFA support (at least for SharePoint Online):

1. Even with MFA you can use username\password authentication. You should create a new app password. To do that:

   • In the top right corner in SharePoint click on profile -> My Account -> Manage security and privacy -> Additional security verification -> Create and manage app passwords (in the bottom)
   • create new app password
   • use your login name as username and app password as password for SharePoint Client Browser

Unfortunately this work-around doesn't work on customer environments where you have a little less privileges.

[bramdejager]

Hi @TazzyMan, can you try to use the authentication mode "Claims (AD FS)" and let me know if that works out for you? It does for me with my MFA account. Thx!

[TazzyMan]

Hello @bramdejager ,I Just tried. It shows some blank window (probably IE) and a few seconds later it shows a dialog: The remote server returned an error: (403) Forbidden.

I know IE is used for interactive login and sometimes cookies are preserved, so it automatically tries to log you in with the latest user that was active, but I also tried using The SearchQueryTool and that seems to work better, even though 'Web login' fails eventually. But it DOES show the complete login dialog, including the MFA token/authorization. 'App Id' login works though but that seems to use some sort of ClientId (9bc3ab49-b65d-410a-85ad-de819febfddc). Don't know what that is