What is Microsoft Entra ID on Authenticator?

Microsoft Authenticator can be used to sign in to any Microsoft Entra account without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric . Windows Hello for Business uses a similar technology.

What is a verified ID in Microsoft Authenticator?

Based on open standards, Verified ID automates verification of identity credentials and enables privacy-protected interactions between organizations and users . This diagram illustrates the participation of three parties in a verifiable credentials interaction.

Why do I need a Microsoft Entra ID?

IT admins use Microsoft Entra ID to control access to apps and app resources, based on business requirements . For example, as an IT admin, you can use Microsoft Entra ID to require multifactor authentication when accessing important organizational resources.

How do I verify my Microsoft account with the Authenticator app?

The authenticator app asks for a verification code as a test. From the Microsoft Authenticator app, scroll down to your work or school account, copy and paste the 6-digit code from the app into the Step 2: Enter the verification code from the mobile app box on your computer, and then select Verify.

How do I manually add Microsoft Authenticator?

Open the Authenticator app, select Add account from the Customize and control icon in the upper-right, and then select Work or school account. Select OR ENTER CODE MANUALLY. Enter the Code and URL from Step 1, and then select Finish. The Accounts screen of the app shows you your account name and a verification code.

What is the difference between Entra and Entra ID?

Microsoft Entra ID is the new name for Azure AD . The names Azure Active Directory, Azure AD, and AAD are replaced with Microsoft Entra ID. Microsoft Entra is the name for the product family of identity and network access solutions. Microsoft Entra ID is one of the products within that family.

What is Microsoft Entra only authentication?

The Microsoft Entra-only authentication feature prevents users from connecting to the server or managed instance using SQL authentication, and only allows connections authenticated with Microsoft Entra ID (formerly Azure Active Directory).

How to enable MFA in Entra?

Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator. Browse to Protection > Multifactor authentication > Account lockout . You might need to click Show more to see Multifactor authentication. Enter the values for your environment, and then select Save.

What is the purpose of using Microsoft Entra verified ID service for verification?

Microsoft Entra Verified ID Service. They enable identity owners to generate, present, and verify claims . This forms the basis of trust between users of the systems.

How to get Microsoft Entra ID resource?

Generate the Microsoft Entra ID access token for the signed-in Microsoft Entra ID service principal by running the az account get-access-token command. Use the --resource option to specify the unique resource ID for the Azure Databricks service, which is 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d .

How do I add an ID to Microsoft Authenticator?

Open Authenticator on your phone and select the plus icon and select Add account. Select Work or school account then tap Scan a QR Code . Notes: If you can't use your camera to scan a QR Code, click Can't scan the image on your PC and tap Enter code manually on your mobile.

Tutorial - Set up and use Microsoft Authenticator with VerifiedID

Article
12/06/2023

In this tutorial, you learn how to install the Microsoft Authenticator app and use it for the first time with Verified ID. You use the public end to end demo webapp to issue a verifiable credential to the Authenticator and present verifiable credentials from the Authenticator.

In this article, you learn how to:

Install Microsoft Authenticator on your mobile device
Use the Microsoft Authenticator for the first time
Issue a verifiable credential from the public end to end demo webapp to the Authenticator
Present a verifiable credential from the Authenticator to the public end to end demo webapp
View activity details of when and where you've presented your verifiable credentials
Delete a verifiable credential from your Authenticator

Install Microsoft Authenticator on your mobile device

If you already have Microsoft Authenticator installed, you can skip this section. If you need to install it, follow these instructions, but make sure you install Microsoft Authenticator and not another app with the name Authenticator, as there are multiple apps sharing that name. Once you have installed it, update to the latest version when new versions are available.

On iPhone, open the App Store app and search for Microsoft Authenticator and install the app.
On Android, open the Google Play app and search for Microsoft Authenticator and install the app.

Use the Microsoft Authenticator for the first time

Using the Authenticator for the first time presents a set of screens that you have to navigate through in order to be ready to work with Verified ID.

Open the Authenticator app and press Accept on the first screen.
See Also
Set up the Microsoft Authenticator app as your verification method Set up an authenticator app as a two-step verification method Manually add an account to the Microsoft Authenticator app Add your work or school account to the Microsoft Authenticator app
Select your choice of sharing app usage data and press Continue.
Press Skip in the upper right corner of the screen asking you to Sign in with Microsoft.

Issue a verifiable credential

When the Microsoft Authenticator app is installed and ready, you use the public end to end demo webapp to issue your first verifiable credential onto the Authenticator.

Open end to end demo in your browser
1. Enter your First Name and Last Name and press Next
2. Select Verify with True Identity
3. Click Take a selfie and Upload government issued ID. The demo uses simulated data and you don't need to provide a real selfie or an ID.
4. Click Next and OK
Open your Microsoft Authenticator app
Select Verified IDs in the lower right corner on the start screen
Select Scan QR code button. This screen only shows if you have no verifiable credential cards in the app.
If this is the first time you scan a QR code, the mobile device notifies you that the Authenticator is trying to access the camera. Select OK to continue scanning the QR code.
Scan the QR code and enter the pin code in the Authenticator and select Next. The pin code is shown in the browser page.
Select Add to add the verifiable credential card to the Authenticator wallet.
Select Return to Woodgrove in the browser

Note the following.

After you've scanned the QR code, the Authenticator displays who the issuing party is for the verifiable credential. In the above screenshots, you can see that it's True Identity and that the issuance request comes from a verified domain did.woodgrovedemo.com. As a user, it is your choice if you trust this issuing party.
Not all issuance requests involve a pin code. It's up to the issuing party to decide to include the use of a pin code.
The purpose of using a pin code is to add an extra level of security of the issuance process so only you, the intended recipient, can issue the verifiable credential.
The demo displays the pin code in the browser page next to the QR code. In a real world scenario, the pin code wouldn't be displayed there, but instead be given to you in some alternate way, like in an email or an SMS text message.

Present a verifiable credential

In learning how to present a verifiable credential, you continue where you left off above. Here, you'll present the True Identity verifiable credential to the demo webapp. Make sure you have a True Identity verifiable credential in the Authenticator before continuing.

If you're continuing where you left off, select Access personalized portal in the end to end demo webapp. If you have the True Identity verifiable credential in the Authenticator but closed the browser, then first select I've been verified in the end to end demo webapp and then select Access personalized portal. Selecting Access personalized portal will present a QR code in the webpage.
Open your Microsoft Authenticator app
Select Verified IDs in the lower right corner on the start screen
Press the QR code symbol in the top right corner to turn on the camera and scan the QR code.
Select Share in the Authenticator to present the verifiable credential to the end to end demo webapp.
In the browser, click the Continue onboarding button

Note the following.

After you've scanned the QR code, the Authenticator will display who the verifying party is for the verifiable credential. In the above screenshots, you can see that it is True Identity and that the issuance request comes from a verified domain did.woodgrovedemo.com. As a user, it is your choice if you trust this party and want to share your credential with them.
If the presentation request does not match any of the verifiable credentials you have in the Authenticator, you get a message that you haven't the credentials requested.
If the presentation request matches multiple verifiable credentials you have in the Authenticator, you are asked to pick the one you want to share.
If you have an expired verifiable credential that matches the presentation request, you get a message that it's expired and you can't share the credentials requested.

Continue onboarding in the end to end demo

The end to end demo continues with onboarding you as a new employee to the Woodgrove company. Continuing with the demo repeats the process of issuance and presentation in the Authenticator. Follow these steps to continue the onboarding process.

Issue yourself a Woodgrove employee verifiable credential

Select Retrieve my Verified ID in the browser. This displays a QR code in the webpage.
Press the QR code symbol in the top right corner of the Authenticator to turn on the camera
Scan the QR code and enter the pin code in the Authenticator and select Next. The pin code is shown in the browser page.
Select Add to add the verifiable credential card to the Authenticator wallet.

Use your Woodgrove employee verifiable credential to get a laptop

Select Visit Proseware in the browser.
Select Access discounts in the browser.
Select Verify my Employee Credential in the browser.
Press the QR code symbol in the top right corner of the Authenticator to turn on the camera and scan the QR code.
Select Share in the Authenticator to present the verifiable credential to the Proseware webapp.
Notice that a Woodgrove employee discounts are applied to the prices when Proseware have verified your credentials.

View activity details of when and where you have presented your verifiable credentials

The Microsoft Authenticator keeps records of the activity for your verifiable credentials.If you select a credential card and then switch to view Activity, you see the activity list for your credential sorted in most recently used order. For your True Identity card, you see two entries, where the first is when it was issued and the second that the credential was shared with Woodgrove.

Delete a verifiable credential from your Authenticator

You can delete a verifiable credential from the Microsoft Authenticator.Click on the credential card you want to delete to view its details. Then click on the trash can in the upper right corner and confirm the deletion prompt.

Deleting a verifiable credential from the Authenticator is an irrevocable process and there is no recycle bin to bring it back from. If you have deleted a credential, you must go through the issuance process again.

How do I see the version number of the Microsoft Authenticator app

On iPhone, click on the three vertical bars in top left corner
On Android, click on the three vertical dots in the top right corner
Select “Help” to display your version number

How to provide diagnostics data to a Microsoft Support representative

If during a Microsoft support case you are asked to provide diagnostics data from the Microsoft Authenticator app, follow these steps.

On iPhone, click on the three vertical bars in top left corner
On Android, click on the three vertical dots in the top right corner
Select “Send Feedback” and then “Having trouble?”
Select “Select an option” and select “Verified IDs”
Enter some text in the “Describe the issue” textbox
Click “Send” on iPhone or the arrow on Android in the top right corner

Next steps

Learn how to configure your tenant for Microsoft Entra Verified ID.

Tutorial - Set up and use Microsoft Authenticator with VerifiedID - Microsoft Entra Verified ID (2024)