Any form of Multi-Factor Authentication can cause connection issues with integrations. Where OneConnect integrations are concerned, there are three options to work around Multi-Factor Authentication:
- Disable Multi-Factor Authentication for the Service Account
The simplest and quickest strategy for an integration is to not have MFA enabled for the Service Account set up for OneConnect. Many MFA options allow MFA to be disabled on a per-user basis.
- IP Whitelist
If your security policy will not allow disabling MFA on the OnePlan Service Account, the next best thing is to enable IP Whitelisting. Many MFA options will allow an account to log in to Office 365 without any Multi-Factor requests if the login comes from certain IP addresses. If your security policy will allow this, work with your OnePlan representative to receive the list of IP addresses that pertain to your integration.
- Azure Relay
An Azure Relay is an app that OnePlan can assist you in setting up on your network. When installed on an Azure-based or physical server inside your network, the relay will periodically contact OneConnect to start any waiting jobs. This takes the normal requests coming from OnePlan's tenant and changes their source to the relay inside your network. Often, this is enough to bypass any MFA request, and it allows your company to have control over the origination of integration requests. Contact your OnePlan representative to discuss the need for an Azure Relay. This could also be leveraged if direct external access is not available.
More info on Azure Relay: http://OnePlan.screenstepslive.com/s/product/m/oneconnect/l/848451-what-is-a-relay
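
With the IP Whitelist and Azure Relay options, the source address is what stands in for the MFA prompt on the Service Account, so it is worth checking sign-in logs for that account against the expected addresses. The script below is an added example, not OnePlan code: the account name, the CIDR ranges (documentation ranges), and the log field names are all constructed assumptions to be mapped to your identity provider's sign-in export.

```python
import ipaddress

# Constructed values for illustration: documentation-range CIDRs stand in for
# the address list from your OnePlan representative or your relay host.
ALLOWED_NETWORKS = ["203.0.113.0/28", "198.51.100.24/32"]
SERVICE_ACCOUNT = "svc-oneconnect@example.com"  # hypothetical account name

# Constructed sign-in records; the field names are assumptions.
SAMPLE_SIGNINS = [
    {"time": "2024-05-01T02:00:11Z", "user": "svc-oneconnect@example.com", "ip": "203.0.113.5", "mfa": False},
    {"time": "2024-05-01T02:15:40Z", "user": "svc-oneconnect@example.com", "ip": "192.0.2.77", "mfa": False},
    {"time": "2024-05-01T03:02:09Z", "user": "alice@example.com", "ip": "192.0.2.77", "mfa": True},
    {"time": "2024-05-01T04:30:00Z", "user": "SVC-OneConnect@example.com", "ip": "not-an-ip", "mfa": False},
    {"time": "2024-05-01T05:00:00Z", "user": "svc-oneconnect@example.com", "ip": "198.51.100.24", "mfa": False},
]

def audit_service_signins(signins, account, allowed_cidrs):
    """Return (time, ip, reason) for each sign-in by `account` that did not
    come from an allowlisted network. Unparseable addresses are flagged, not
    skipped, so a malformed log field cannot hide a sign-in."""
    networks = [ipaddress.ip_network(c, strict=True) for c in allowed_cidrs]
    findings = []
    for rec in signins:
        # Account names are compared case-insensitively.
        if rec["user"].lower() != account.lower():
            continue
        try:
            addr = ipaddress.ip_address(rec["ip"])
        except ValueError:
            findings.append((rec["time"], rec["ip"], "unparseable source address"))
            continue
        # IPv4-mapped IPv6 (::ffff:a.b.c.d) must match IPv4 allowlist entries.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        if not any(addr.version == n.version and addr in n for n in networks):
            reason = "outside allowlist" + ("" if rec["mfa"] else ", no MFA")
            findings.append((rec["time"], str(addr), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_service_signins(SAMPLE_SIGNINS, SERVICE_ACCOUNT, ALLOWED_NETWORKS):
        print(*finding, sep="  ")
```

The same check applies when MFA is disabled outright for the Service Account; in that case the expected addresses are simply wherever the integration is known to run.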