Search results
This help content & information General Help Center experience. Search. Clear search
- Sign In
Access Google Drive with a Google account (for personal use)...
- Sign In
- Overview
- Enable the Temporary Access Pass policy
- Create a Temporary Access Pass
- Use a Temporary Access Pass
- Delete an expired Temporary Access Pass
- Replace a Temporary Access Pass
- Limitations
- Troubleshooting
- Next steps
Passwordless authentication methods, such as FIDO2 and passwordless phone sign-in through the Microsoft Authenticator app, enable users to sign in securely without a password. Users can bootstrap Passwordless methods in one of two ways:
•Using existing Microsoft Entra multifactor authentication methods
•Using a Temporary Access Pass (TAP)
A Temporary Access Pass is a time-limited passcode that can be configured for single use or multiple. Users can sign in with a Temporary Access Pass to onboard other authentication methods including passwordless methods such as Microsoft Authenticator, FIDO2 or Windows Hello for Business.
A Temporary Access Pass also makes recovery easier when a user has lost or forgotten their strong authentication factor like a FIDO2 security key or Microsoft Authenticator app, but needs to sign in to register new strong authentication methods.
This article shows you how to enable and use a Temporary Access Pass using the Microsoft Entra admin center. You can also perform these actions using the REST APIs.
A Temporary Access Pass policy defines settings, such as the lifetime of passes created in the tenant, or the users and groups who can use a Temporary Access Pass to sign-in. Before anyone can sign-in with a Temporary Access Pass, you need to enable Temporary Access Pass in the authentication method policy and choose which users and groups can sign in by using a Temporary Access Pass. Although you can create a Temporary Access Pass for any user, only users included in the policy can sign-in with it.
Global administrator and Authentication Policy administrator role holders can update the Temporary Access Pass authentication method policy. To configure the Temporary Access Pass authentication method policy:
1.Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
2.Browse to Protection > Authentication methods > Policies.
3.From the list of available authentication methods, select Temporary Access Pass.
4.Click Enable and then select users to include or exclude from the policy.
After you enable a policy, you can create a Temporary Access Pass for a user in Microsoft Entra ID. These roles can perform the following actions related to a Temporary Access Pass.
•Global Administrators can create, delete, and view a Temporary Access Pass on any user (except themselves)
•Privileged Authentication Administrators can create, delete, and view a Temporary Access Pass on admins and members (except themselves)
•Authentication Administrators can create, delete, and view a Temporary Access Pass on members (except themselves)
•Global Reader can view the Temporary Access Pass details on the user (without reading the code itself).
1.Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
The most common use for a Temporary Access Pass is for a user to register authentication details during the first sign-in or device setup, without the need to complete extra security prompts. Authentication methods are registered at https://aka.ms/mysecurityinfo. Users can also update existing authentication methods here.
1.Open a web browser to https://aka.ms/mysecurityinfo.
2.Enter the UPN of the account you created the Temporary Access Pass for, such as tapuser@contoso.com.
3.If the user is included in the Temporary Access Pass policy, they see a screen to enter their Temporary Access Pass.
4.Enter the Temporary Access Pass that was displayed in the Microsoft Entra admin center.
The user is now signed in and can update or register a method such as FIDO2 security key. Users who update their authentication methods due to losing their credentials or device should make sure they remove the old authentication methods. Users can also continue to sign-in by using their password; a TAP doesn’t replace a user’s password.
Under the Authentication methods for a user, the Detail column shows when the Temporary Access Pass expired. You can delete an expired Temporary Access Pass using the following steps:
1.Sign in to the Microsoft Entra admin center as at least an Authentication Policy Administrator.
2.Browse to Identity > Users, select a user, such as Tap User, then choose Authentication methods.
3.On the right-hand side of the Temporary Access Pass authentication method shown in the list, select Delete.
You can also use PowerShell:
For more information, see Remove-MgUserAuthenticationTemporaryAccessPassMethod.
•A user can only have one Temporary Access Pass. The passcode can be used during the start and end time of the Temporary Access Pass.
•If the user requires a new Temporary Access Pass:
•If the existing Temporary Access Pass is valid, the admin can create a new Temporary Access Pass to override the existing valid Temporary Access Pass.
•If the existing Temporary Access Pass has expired, a new Temporary Access Pass will override the existing Temporary Access Pass.
Keep these limitations in mind:
•When using a one-time Temporary Access Pass to register a Passwordless method such as FIDO2 or Phone sign-in, the user must complete the registration within 10 minutes of sign-in with the one-time Temporary Access Pass. This limitation doesn't apply to a Temporary Access Pass that can be used more than once.
•Users in scope for Self Service Password Reset (SSPR) registration policy or Identity Protection multifactor authentication registration policy are required to register authentication methods after they've signed in with a Temporary Access Pass using a browser. Users in scope for these policies are redirected to the Interrupt mode of the combined registration. This experience doesn't currently support FIDO2 and Phone Sign-in registration.
•A Temporary Access Pass can't be used with the Network Policy Server (NPS) extension and Active Directory Federation Services (AD FS) adapter.
•If a Temporary Access Pass isn't offered to a user during sign-in:
•Make sure the user is in scope for the Temporary Access Pass authentication method policy.
•Make sure the user has a valid Temporary Access Pass, and if it's one-time use, it wasn’t used yet.
•If Temporary Access Pass sign in was blocked due to User Credential Policy appears during sign-in with a Temporary Access Pass:
•Make sure the user doesn't have a multi-use Temporary Access Pass while the authentication method policy requires a one-time Temporary Access Pass.
•Check if a one-time Temporary Access Pass was already used.
•Plan a passwordless authentication deployment in Microsoft Entra ID
Various services related to new/old driving licence or learner's licence like Appointment Booking, Duplicate driving licence, Application Status, Online test for learner's licence, etc.
Mar 2, 2021 · Temporary Access Pass is a game-changer that completes the end-to-end passwordless onboarding experience for your users. It is a time-limited passcode they can use to set up security keys and the Microsoft Authenticator without ever needing to use, much less know, a password!
Apply for temporary registration of a motor vehicle in Form 20 to the Registering Authority in whose jurisdiction the vehicle is or to the dealer dealing in the sale of New Motor Vehicles Recognised by the Transport Commissioner. Provide copies of Sale Certificate, Insurance Certificate and Road worthiness Certificate.
Mar 5, 2024 · A Temporary Access Pass (TAP) is a time-limited passcode that can be configured for single or multiple use. The Temporary Access Pass (TAP) allows the user to securely sign in to the Microsoft Cloud within a defined time period to set up additional authentication methods.
People also ask
What is temporary access pass?
What licence is required for the temporary access pass (tap) feature?
How do I enable temporary access pass?
What is a temporary access pass authentication methods policy?
Jun 22, 2022 · What is TAP? TAP is a time-limited passcode that allows users to register passwordless authentication methods and recover access to their account without needing a password.
