Today we announced the general availability of our passwordless solution and the public preview of Temporary Access Pass in Azure Active Directory. Temporary access pass is a game changer that completes the end-to-end passwordless onboarding experience for your users. It is a time-limited passcode they can use to set up security keys and the Microsoft Authenticator without ever needing to use, much less know, a password!
I’ve invited Inbar Cizer Kobrinsky, a senior program manager on the Identity Security team, to share more details about Temporary Access Pass.
Alex Simons (Twitter: @alex_a_simons)
Corporate Vice President Program Management
Microsoft Identity Division
We created Temporary Access Pass to address many of your passwordless account onboarding and recovery scenarios. In this post, I’ll introduce you to its capabilities and share why you should try it for yourself.
For a user to truly be passwordless, they shouldn’t know or use their password, and instead use passwordless authentication methods and recovery if they lose their authentication devices.
Temporary Access Pass is a time-limited passcode that allows users to register passwordless methods authentication and recover access to their account without a password.
The authentication methods policy helps to harden the security around Temporary Access Pass issuance based on your needs. For example, you can limit it to specific users and groups, limit the use for a short period, or set it for one-time use. After enabling the Temporary Access Pass policy, you can then create a Temporary Access Pass for your users.
Temporary Access Pass authentication method policy
The updated user authentication method page allows a privileged authentication administrator and an authentication administrator to create a Temporary Access Pass for a user, within the allowed limits of the Temporary Access Pass authentication methods policy.
Creating a new Temporary Access Pass on a user from the Azure AD portal
Once a user has a valid Temporary Access Pass, they can use it to sign in and register a FIDO2 key from the My Security Info page or register for passwordless phone sign-in directly from the Authenticator app.
Sign in to Azure AD with Temporary Access Pass
You can learn more about how to configure Temporary Access Pass in documentation.
Some of you may have existing applications for new employee onboarding experiences. Temporary Access Pass is available through the Microsoft Graph APIs, so you can incorporate it into your existing applications. Get details on TAP authentication method APIs and on how to use the policy APIs.
Give it a try and let us know if you have questions or feedback. I hope you will love it as much as we do!
Inbar Cizer Kobrinsky (@inbarck),
Senior Program Manager,
Microsoft Identity Division
Learn more about Microsoft identity: