CBA, MFA, and AADSTS54008 Certificate is not supported as first factor


Greetings All,

 

I'm trying to get CBA MFA working for Azure AD, Exchange Online specifically, but I can't get past the following error: AADSTS54008: Multi-Factor authentication is required and the credential used (Certificate) is not supported as a First Factor. Obviously, I have something configured incorrectly. Does anyone have a suggestion?

 

What I'm trying to achieve is to have our users log in to Outlook online with their username and password and then have the option to select a user certificate as their second form of authentication.

 

Regards,

KB

4 Replies
When you configure CBA, you can define whether it's to be used as single- or multi-factor, so check for that. The Protection level toggle under auth methods > CBA > Configure.
Understood. I've set up two rules, which, as I understand it, renders the toggle useless. I also have a conditional policy requiring MFA for the same users configured for Certificate-based authentication. If I remove the conditional access policy from the users, the authentication works and there is no error, but users can also sign in using their password only, which is unacceptable. I have to be missing something somewhere. As soon as I reinstate the conditional access policy, the error returns.

@KingBear @Vasil Michev 

Did you sort this out?

I encounter the same error in my test tenant; the user certificate is successfully mapped to my user.

If I switch the protection level over to "multifactor authentication", I get signed in without an MFA prompt.

 

When I attempt to sign in with the protection level set to "single-factor authentication", sign-in fails with the error AADSTS54008: Multi-Factor authentication is required and the credential used (Certificate) is not supported as a First Factor. Contact your administrator for more information.

@manshellstrom Yes sir. The settings below work as desired for my tenant.

 

Clipboard01.png

 

Be sure to check that you don't have any policies in your tenant that may be conflicting.