all InfoSec news
I’d TAP That Pass
Security Boulevard securityboulevard.com
Summary:
Given that:
- Temporary Access Passes (TAP) are enabled in the Azure AD tenant
AND - You have an authentication admin role in Azure AD
You can assign users a short lived password called a Temporary Access Pass (TAP) that satisfies most multi-factor authentication requirements implemented in Azure AD conditional access without alerting the user or modifying their existing password. In addition, you can take advantage of the OAuth on-behalf-of (OBO) flow to maintain access to the target account, even after …
access account addition alerting authentication azure azure ad called cloud security conditional access expired factor flow infosec microsoft multi-factor multi-factor authentication oauth password red team requirements role social engineering target tokens