Duo MFA with ADFS - Microsoft PowerApps/Flow working?

#1

Hello all,
I’m preparing to enable Duo’s ADFS adapter to secure our Office 365 deployment, however I’m a little bit concerned with how this will affect the cloud-to-cloud connections within Microsoft’s PowerApps and Flow products. My main concern is that I’m going to need to come back in to Flow or in to PowerApps and re-authorize the connections frequently, which negates a lot of the automation efficiencies.
Because connections are commonly created under normal user credentials I can’t disable MFA for those accounts, either. I thought about trying to track down the public IP’s that these services use, but even in the off-chance that I can find that info it isn’t a great solution since they’ll be subject to frequent change.

Any ideas how I should handle this?

#2

I recommend using claims rules. If you can determine the User Agent or other identifying information used with PowerApps and Flow, you can exempt them from the multipleauthn claim.

I also recommend referencing this guide for advanced AD FS client configuration: https://help.duo.com/s/article/3174