Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This topic covers how to manage hardware oath tokens in Microsoft Entra ID, including Microsoft Graph APIs that you can use to upload, activate, and assign hardware OATH tokens.
Manage hardware OATH tokens in the Authentication methods policy (Preview)
You can view and enable hardware OATH tokens in the Authentication methods policy by using the Microsoft Entra admin center.
To enable hardware OATH tokens in the Microsoft Entra admin center:
Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
Browse to Entra ID > Authentication methods > Hardware OATH tokens (Preview).
Select Enable, choose which groups of users to include in the policy, and select Save.
We recommend that you migrate to the Authentication methods policy to manage hardware OATH tokens. If you enable OATH tokens in the legacy MFA policy, browse to the policy in the Microsoft Entra admin center as an Authentication Policy Administrator: Entra ID > Multifactor authentication > Additional cloud-based multifactor authentication settings. Clear the checkbox for Verification code from mobile app or hardware token.
Manage third-party software OATH tokens
Third-party software OATH tokens are enabled for sign in by default. An Authentication Policy Administrator can disable them to prevent users from signing in with a one-time password from a third-party Identity Provider.
- Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
- Browse to Entra ID > Authentication methods > Third-party software OATH tokens.
- Move the silder for the Enable control to prevent users from signing in with third-party software OATH tokens.
- Click I Acknowledge, then click Save.
Related content
Learn more about OATH tokens. Learn how to create one or more hardwareOathTokenAuthenticationMethodDevices.