How to Get Access Token from Postman when you have an MFA enabled in the AD
First, Let's learn how to get an access token if MFA is not enabled.
To get the token you need to pass the below parameters.
- grant_type (password - hard code)
- client_id
- client_secret
- scope (user.read)
- username (AD username)
- password (AD password)
For TenantId, ClientId and Client_Secret. You can log in to the Azure portal and then the Azure active directory --> App Registrations --> Check your app registration or add new registration.
Once you call this method, you will get the access token.
Note: If MFA is enabled then you will get the below error.
To solve this issue, you need to follow the steps below.
Step 1: You need to open the URL in the browser mentioned below. Make sure to add your tenantId, clientId, and redirect URL. Redirect URL, you can set any value in the redirect URL in App Registration of Azure Portal and pass the same redirect URL here.
https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize?
client_id={{clientId}}
&response_type=code
&redirect_uri=https://localhost:44321/
&response_mode=query
&scope=https://graph.microsoft.com/User.Read
&state=12345
The snapshot below explains that you can get a set redirect URL in App Registration.
Step 2: Copy the URL and paste it into the notepad. You will see this URL has 3 parameters - Code
- State
- Session_state
Copy only the code part.
https://localhost:44321/?code=0.AUUAV8CEcnhAcEGSwBvLEcVSaUBShxdFPBtDqBWzMDbIrtRFAH4.AQABAAIAAAD--DLA3VO7QrddgJg7WevrOJWL51jAIIL76f1jPOMwfGpCGDOkHmxnYhixC2A4SFRJE5cf_AOpaELqjrxJA-MbPvCIBDfWLZtjo2zVw2AQ2CfagTN2gMsErjuSsTzsFNwg7AGEMBZ1D_hpekpVjwS7OpliDUAL1iS4fiUq0iWWbDZNohQFFtQbgmKLh-EKCuyFRyqMSiZZPOW20S6J-6r6TCB-SPMEG7RrlsWaXMxLuSJpripTV9_4FlXJg0oZmvogiGmuVQ9U1ckhTsMZmFps4F-3PNxEZRXAvLFEbDQPP5KnB8zGKGB_px5B5m1NTDkKhck9-WW0yTVeJiuyTmbtofvu1exYQLJv8we6F11rUaEG6ogtW6qAZQbOElIrtNQ_aYQ5Gkd9KUnJNFOFGmtEsVXAhxVfFZ6uFLio6TzjcDm12u_CUNeewDCrR5QuOK1JrDeq2yjHx3lD-h0SMAFD6CG5K6vqpwgv7MqVPONJas09AvD3rQpoFgpGuSF997NJiCguYPkXpW6fYYH9-1aJE9Qob3GGzlcSCTO0OBseN95oprKTT4246scT-_VsOXMca36bgPOsNDPMRfxTy9nSZaZmugJDxlijfKEUXcYbFtUZjKD2Cz3OQC1rGJF03db7cOdYuRGCSTy-C28CnYikIAA&state=12345&session_state=9e429398-8f47-4210-a2b4-72866178d144#
Step 3: Call the endpoint again in the postman. This time parameters are different. We need to pass below 5 parameters. The code parameter is where we need to paste that code.
- grant_type (authorization_code - hard code)
- client_id
- client_secret
- code (authorization code that you recently get from the browser)
- redirect_uri (same that you passed in the above parameter)