During activation Azure Authenticator application generates the following error message on Android device. This URL and code works on Apple and Microsoft mobile devices.
Unable to add the account. We couldn’t add the account as your device does not trust the activation URL. Please contact your IT administrator
- Try to activate the account using Apple or Microsoft device
- Verify the URL publishing configuration. Are you publishing the Microsoft MFA Mobile App using Windows Application Proxy?
Solution / Workaround:
The issue is not really related to MFA or certificate configuration. The issues is more related to how you publish the Mobile App URL to the internet. If you are using Web Application Proxy for publishing the URL (http://portal.sivarajan.com/2016/01/azure-mfapublish-mfa-portals-using-web.html), there is an issue with Server Name Indication (SNI) certifies and Android devices. You can try one of the workaround mentioned in that article.
Other option is to publish the Mobile app URL using some other method as mentioned here - http://portal.sivarajan.com/2016/01/azure-mfapublish-mfa-portals-using-web.html