Error: This Account Requires Multi-Factor Authentication
Overview
We recently updated the back-end App Registration which facilitates the Business Central public cloud sign-in process for Jet to remove features Microsoft is deprecating and replace them with newer technologies (Microsoft Graph). With this comes the necessity for users to re-authenticate their Business Central public cloud data source.
Error Messages Faced
As a result, users now may encounter the following error messages:
This account requires multi-factor authentication and your Jet Hub environment is not currently setup to support multi-factor authentication.
You are not authorized to access this data source. You must sign-in using your Microsoft 365 credentials for authorization.
-
Invoking the web service failed with the following message:
Exception of type
Jet.Shared.NavWebServiceOffice365AuthorizationMultiFactorAuth was thrown.
Application Approval Needed
To resolve this issue, please first try logging out and back into the data source under Jet > Settings > Data Source Settings > Authentication > Log Out > Sign in.
If the users receive the one of the following messages saying that admin approval is needed, the Microsoft Entra ID Administrator (not a Partner Delegated Administrator) needs to provide Administrator consent for the new Jet App in order for users to sign in against it.
Grant Consent
To grant consent, the Microsoft Entra ID Administrator will need to consent by logging into Business Central via Jet by going to Jet > Settings > Data Source Settings > Authentication > Sign in. Once done, they will get an option to Consent on behalf of your Organization being used in the tenant.
If you wish for users to be able to grant consent without additional administrator approval your Microsoft Entra ID (AAD) Global Administrator can configure user consent for apps from verified publishers.
Please see Microsoft's documentation for details on the process and more information: Configure how users consent to applications.
Re-authentication
Once consent has been granted, all users will need to log out and back into the Data Source Settings to re-authenticate by going to Jet > Settings > Data Source Settings > Authentication > Log out > sign in.