DEV Community

Brandon Rummel
Brandon Rummel

Posted on • Edited on

MFA Reset Workflow - Turing Insurance

A brief note: This document does not reflect the workflows of an actual company. It is based upon real workflows, but the company mentioned is fictional.

Scope/Platform

Scope: Guide for verifying and then resetting the MFA for a user.

Platform: Microsoft Authenticator, ServiceNow

Intro

This is an article about resetting the MFA of a user. It will cover verifying the user, and the MFA reset process itself in checklist format.

Who is this for?

This article is for Help Desk Technicians tasked with resetting MFA for users who cannot access their MFA.

Prerequisites

In order to carry out the steps as written, the Help Desk Technician must have admin level access to all relevant systems.

Verifying the User

NOTE: YOU MUST TYPE 'DONE' AFTER EVERY STEP.
NOTE: YOU CAN ALWAYS FIND EMPLOYEE OFFICE LINES AND CELL #'s IN EMPLOYEE CONTACT LIST ONENOTE. CONTACT HR IF NUMBER CANNOT BE FOUND.

Verify the user using the following methods. The method you use will be determined by how the user contacts you.

Method #1: Phone call verification.
Use this if you have been contacted by email or via ServiceNow INC Ticket
A. Open/Create INC Ticket in ServiceNow -
B. Call the User on their office or personal line -
C. User confirms their work username, employee ID and manager name -

Method #2: Email Verification
Use this if you have been contacted through the Help Desk Service Line or directly by a user
A. Open/Create INC Ticket in ServiceNow -
B. Send an email to the user's work email address via Outlook -
C. User confirms their work username, employee ID and manager name -

MFA Reset Process Part 1 (Admin Center)

NOTE: IF MFA CANNOT BE RESET HERE, ESCALATE IN HELP DESK CHAT
A. Log into Microsoft Admin Center with your Admin Creds -
B. Select Users > Active Users > User in question -
C. Select Multi Factor Authentication -
D. Log Into Entra Admin Portal -
E. Select the user and click User MFA Settings -
F. Select Require selected users to provide contact methods again
G. Click Save

MFA Reset Process Part 2 (User Steps)

NOTE: YOU MUST WALK THE USER THROUGH THESE STEPS DIRECTLY VIA PHONE CALL
A. Have the user go to aka.ms/mfasetup -
B. Have them select I can't use my Microsoft Authenticator app right now and verify via phone call -
C. Have them open Microsoft Authenticator on phone and select the Plus Sign -
D. Select Work or school account > Scan QR Code -
E. On their computer, have them select Add sign in method -
F. Click through Microsoft Authenticator ** > **Next > Next > Scan QR Code
G. Have the user scan QR Code with their phone and click Next -
H. Have user enter verification code into phone -

Final Steps

A. Verify MFA is setup in Admin Portal -
B. Paste the above Checklist into INC ticket -
C. Post Ticket Number in MFA Chat for tracking -

Top comments (0)