TechIDManager can create JIT accounts for Entra ID, and those accounts can be protected with TOTP-based MFA. The same TOTP secret remains valid across separate sessions of enabling the same JIT account, so it only needs to be set up once.
Here is how to set that up:
1. After the agent has been installed and rights have been granted, the first time the technician enables the account it is created, rights are provisioned, and a password is set. In the TechClient, the indicator next to the account changes from a red X to a green +. At this point the OTP has not been set up yet.
2. Initiate logging in with the account.
3. You will be prompted to set up MFA. Choose the option to use a different authenticator app. You will be presented with a QR code.
4. Go back to the TechClient, right click on the credential and select Edit OTP secret.
5. At the bottom of the edit menu, select Capture MFA. TechIDManager will scan the screen, find the QR code and set up the OTP secret. Tip: make sure the QR code is fully visible on the screen, and enlarge it if necessary.
6. Move back to the Microsoft window and click Next. It will ask you to confirm the new OTP, which can be retrieved from TechIDManager.
Now you have a JIT account in Entra ID through TechIDManager: a password that rotates every time the account is logged in, an account that is disabled after the set time expires, and TOTP/MFA whose secret is stored in TechIDManager. The TOTP/MFA remains persistent for this account between uses. The TOTP only needs to be set up the first time the account is used; the next time the technician enables the account, the same TOTP secret will still be valid.
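To make clear why the captured secret stays valid across sessions, the added example below (not TechIDManager's code, and not captured from any real tenant) shows what a TOTP enrollment QR code encodes and how a one-time code is derived from it: the QR code carries an otpauth:// URI with a base32 secret, and each code is just HMAC(secret, current 30-second counter), so any vault that stores the secret can produce valid codes indefinitely, in the same way an authenticator app would. The URI, issuer and account name are constructed; the secret is the RFC 6238 test key, so the outputs can be checked against the RFC's published vectors.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed example of the otpauth URI an MFA enrollment QR code encodes.
# Issuer and account are placeholders; the secret is the RFC 6238 test key
# "12345678901234567890" in base32.
SAMPLE_URI = (
    "otpauth://totp/Example%20Tenant:jit-tech%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Tenant"
    "&algorithm=SHA1&digits=6&period=30"
)


def parse_otpauth(uri):
    """Parse an otpauth://totp/ URI into the parameters a TOTP generator needs."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    query = {k: v[0] for k, v in parse_qs(parsed.query).items()}
    if "secret" not in query:
        raise ValueError("otpauth URI has no secret parameter")

    # Label is "Issuer:account" or just "account"; the issuer query parameter wins if present.
    label = unquote(parsed.path.lstrip("/"))
    label_issuer, _, account = label.rpartition(":")
    secret = query["secret"].upper().replace(" ", "")
    # Base32 secrets in QR codes are commonly unpadded; restore padding before decoding.
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))

    return {
        "issuer": query.get("issuer", label_issuer),
        "account": account,
        "key": key,
        "algorithm": query.get("algorithm", "SHA1").upper(),
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }


def hotp(key, counter, digits=6, algorithm="SHA1"):
    """RFC 4226 HOTP: dynamic truncation of HMAC(key, 8-byte big-endian counter)."""
    digest = getattr(hashlib, algorithm.lower())
    mac = hmac.new(key, struct.pack(">Q", counter), digest).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(params, at_time=None):
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // params["period"]
    return hotp(params["key"], counter, params["digits"], params["algorithm"])


def verify_totp(params, code, at_time=None, window=1):
    """Constant-time check of a submitted code against the current step and +/- window steps."""
    if at_time is None:
        at_time = time.time()
    period = params["period"]
    for step in range(-window, window + 1):
        candidate = totp(params, at_time + step * period)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print(f"issuer={p['issuer']} account={p['account']} digits={p['digits']} period={p['period']}")
    # The secret never changes, so the same parameters yield a valid code on any later day.
    print("code now:", totp(p))
```

Because the generator needs nothing but the stored secret and the clock, the value TechIDManager captures from the QR code in step 5 is all that must be protected: the secret is a long-lived credential in its own right, and whoever holds it can satisfy the MFA prompt, which is why it belongs in the vault alongside the rotating password rather than in a screenshot or note.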