Important
This repository contains the connector and configuration code only. The implementer is responsible for acquiring the connection details such as username, password, certificate, etc. You might even need to sign a contract or agreement with the supplier before implementing this connector. Please contact the client's application manager to coordinate the connector requirements.
- HelloID Environment:
  - Set up your HelloID environment.
- Entra ID:
  - App registration with API permissions of the type Application:
    - `User.ReadWrite.All`
    - `UserAuthenticationMethod.ReadWrite.All`
  - The following information for the app registration is needed in HelloID:
    - Application (client) ID
    - Directory (tenant) ID
    - Secret Value
- The following methods are supported in this template: `microsoftAuthenticatorAuthenticationMethod` and `phoneAuthenticationMethod`. Other methods can be added by enriching the action script.
- The default method should be removed last, but the Graph API doesn't report which method is the default. For this reason, a failed removal is retried one time. At the retry, the method should be the user's last remaining authentication method, so it is removed as well. When this also fails, an error is reported.
Important
If your organization uses methods other than `microsoftAuthenticatorAuthenticationMethod` and `phoneAuthenticationMethod`, you should add them. If not, the task can't delete the default method `microsoftAuthenticatorAuthenticationMethod` or `phoneAuthenticationMethod`.
HelloID-Conn-SA-Full-EntraID-MFA-Reset is a template designed for use with HelloID Service Automation (SA) Delegated Forms. It can be imported into HelloID and customized according to your requirements.
By using this delegated form, you can reset all MFA methods of an Entra ID user. The following options are available:
1. Search and select the Entra ID user
2. The task will remove all the configured authentication methods

Entra ID provides a set of REST APIs that allow you to programmatically interact with its data. The API endpoints listed in the table below are used.
Endpoint | Description |
---|---|
users | The user endpoint of the Graph API |
The following options are available in the form:
- Lookup user:
  - This PowerShell data source runs an Entra ID Graph API query to search for matching Entra ID accounts.
The following actions will be performed based on user selections:
- Update UPN and Email in Active Directory:
  - The current authentication methods of the selected user are retrieved and are stored in `$phoneAuthenticatorMethod` and `$microsoftAuthenticatorMethod`
  - If `$phoneAuthenticatorMethod` contains a value the `phoneMethods` will be removed. If it fails `$phoneAuthenticatorMethodSuccess` will be `$false`
  - If `$microsoftAuthenticatorMethod` contains a value the `microsoftAuthenticatorMethods` will be removed. If it fails `$microsoftAuthenticatorMethodSuccess` will be `$false`
  - If `$phoneAuthenticatorMethodSuccess` is `$false` the `phoneMethods` will be removed again. If it fails an error will be thrown
  - If `$microsoftAuthenticatorMethodSuccess` is `$false` the `microsoftAuthenticatorMethods` will be removed again. If it fails an error will be thrown
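The two-pass removal described above, as an added PowerShell example that is not the template's own action script. It runs offline against constructed data: `Remove-SimulatedMethod` and `Reset-AllMethods` are hypothetical names, and the stand-in assumes that deleting the default method fails while any other method is still registered.

```powershell
# Constructed sample data: one user's registered methods. 'sms-1' plays the default.
# IsDefault is read only by the stand-in below; the reset logic never sees it,
# just as the Graph API does not report which method is the default.
$registered = [System.Collections.Generic.List[object]]@(
    [pscustomobject]@{ Id = 'sms-1';  Type = 'phoneMethods';                  IsDefault = $true }
    [pscustomobject]@{ Id = 'auth-1'; Type = 'microsoftAuthenticatorMethods'; IsDefault = $false }
)

# Hypothetical stand-in for the DELETE call. Assumption: the default method
# cannot be deleted while other methods are still registered.
function Remove-SimulatedMethod {
    param($Method)
    if ($Method.IsDefault -and $registered.Count -gt 1) {
        throw "Cannot remove default method '$($Method.Id)' while other methods exist."
    }
    [void]$registered.Remove($Method)
}

function Reset-AllMethods {
    param([string[]]$MethodTypes)
    $failed = @()
    # Pass 1: attempt every method of every handled type once and record failures.
    foreach ($type in $MethodTypes) {
        foreach ($method in @($registered | Where-Object { $_.Type -eq $type })) {
            try { Remove-SimulatedMethod -Method $method }
            catch {
                Write-Warning "First attempt failed: $($_.Exception.Message)"
                $failed += $method
            }
        }
    }
    # Pass 2: a single retry. By now the failed method should be the last one
    # left, so the delete succeeds; a second failure propagates as an error.
    foreach ($method in $failed) {
        Remove-SimulatedMethod -Method $method
    }
    return $registered.Count
}

$remaining = Reset-AllMethods -MethodTypes 'phoneMethods', 'microsoftAuthenticatorMethods'
"Methods left after reset: $remaining"
```

Appending a constructed entry whose `Type` is not passed in `-MethodTypes` makes pass 2 throw, which is the situation the Important note about unsupported methods describes.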
The following user-defined variables are used by the connector. Ensure that you check and set the correct values required to connect to the API.
Setting | Description |
---|---|
EntraTenantId | The ID to the Tenant in Microsoft Entra ID |
EntraAppId | The ID to the App Registration in Microsoft Entra ID |
EntraAppSecret | The Client Secret to the App Registration in Microsoft Entra ID |
Tip
For more information on Delegated Forms, please refer to our documentation pages.
Tip
If you need help, feel free to ask questions on our forum.
The official HelloID documentation can be found at: https://docs.helloid.com/