Tuesday, February 9, 2016

Azure Authenticator – Unable to add the account

Error:

During activation, the Azure Authenticator application generates the following error message on Android devices. The same URL and code work on Apple and Microsoft mobile devices.

Unable to add the account.  We couldn’t add the account as your device does not trust the activation URL.  Please contact your IT administrator


Troubleshooting steps:

  1. Try to activate the account using an Apple or Microsoft device.
  2. Verify the URL publishing configuration. Are you publishing the Microsoft MFA Mobile App using Web Application Proxy?

Solution / Workaround:

The issue is not really related to MFA or certificate configuration. It is more related to how you publish the Mobile App URL to the internet. If you are using Web Application Proxy to publish the URL (http://portal.sivarajan.com/2016/01/azure-mfapublish-mfa-portals-using-web.html), there is an issue with Server Name Indication (SNI) certificates and Android devices. You can try one of the workarounds mentioned in that article.

Another option is to publish the Mobile App URL using some other method, as mentioned here: http://portal.sivarajan.com/2016/01/azure-mfapublish-mfa-portals-using-web.html

1 comment:


Hi. Had this issue too. Checked for SNI on WAP etc., seemed configured OK. Turned out we didn't have the full chain imported with the certificate on the F5 load balancer VIP/Edge box in front of our Azure MFA IIS box. Once we imported the certificate with the full chain, we were all good. Combined Entrust, Root, Intermediate1, Intermediate2 & site Certificate into a text file and imported all together for the SSL client profile. Android didn't trust the certificate unless the full chain was part of it...
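The incomplete-chain failure described in the comment above can be reproduced offline with openssl: a leaf issued by an intermediate verifies against a root-only trust store only when the intermediate is presented with it. This is an added example, not part of the original post or comment; the CA names, `mfa.example.test` and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The CA hierarchy and mfa.example.test are constructed test data.
set -eu

# Create root -> intermediate -> leaf in directory $1 (hypothetical helper).
build_chain() {
  local d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mfa.example.test
EOF
  req()  { openssl req -config "$d/x.cnf" -newkey rsa:2048 -nodes "$@" 2>/dev/null; }
  sign() { openssl x509 -req -days 2 -extfile "$d/x.cnf" -CAcreateserial "$@" 2>/dev/null; }
  req -x509 -days 2 -extensions v3_ca -subj "/CN=Example Root CA" \
      -keyout "$d/root.key" -out "$d/root.pem"
  req -new -subj "/CN=Example Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr"
  sign -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
       -extensions v3_ca -out "$d/int.pem"
  req -new -subj "/CN=mfa.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr"
  sign -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
       -extensions v3_leaf -out "$d/leaf.pem"
}

# Return 0 if leaf $2 chains to trust store $1 using only the intermediates
# the server presents in bundle $3 (omit $3 to model a leaf-only server).
served_chain_trusted() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
build_chain "$work"
for served in "" "$work/int.pem"; do
  if served_chain_trusted "$work/root.pem" "$work/leaf.pem" "$served"; then
    echo "intermediates='${served##*/}': trusted"
  else
    echo "intermediates='${served##*/}': NOT trusted (incomplete chain)"
  fi
done
rm -rf "$work"
```

Against a live listener, `openssl s_client -connect <host>:443 -servername <host> -showcerts` lists the certificates the server actually sends; using `-noservername` instead shows what a client that does not send SNI receives.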
