Onetime passcode authentication via email is an Azure AD feature and currently still in preview. The preview function must be activated in Azure AD under User Settings -> Manage external collaboration settings:
want to use Onetime Passcode for login must log in using a link that contains the tenant context. For example: https://%tenant
User experience for Onetime Passcode

When accessing an Office 365 resource, the user is prompted to authenticate. It does not matter whether the access is done via the browser or via an app. If a Onetime Passcode is used for authentication, the dialog looks like this:
Passcodes are valid for 30 minutes. After 30 minutes, the respective one-time passcode is no longer valid and the user must request a new one. Sessions expire after 24 hours.
Administration / Inviting a guest user via Onetime Passcode

To enable a guest user to log in via the Onetime Passcode feature, they must be created/invited as follows. The guest user is invited in Azure AD to the Microsoft 365 group belonging to the SharePoint site or Microsoft Team with his email address:
When clicking on the link in the mail, the steps described under "User experience for Onetime Passcode" will follow. It depends on the user / account whether he can log in via username & password or the Onetime Passcode option is used. The user will receive an email / Onetime Passcode if:
- He does not have an Azure AD account.
- He does not have a Microsoft account (Live ID)
At the time of invitation, there is no way to verify whether the user being invited will use the Onetime Passcode option or not. The option, if enabled in the tenant, is available as a fallback if no other authentication method can be used.