Create TAP for user

Action compatibility

This action is compatible with all Azure AD accounts except B2B and OnPremise synced accounts. It is also unavailable for accounts with an existing TAP authentication method.

Required Permission

Action Area:		Required Permission:	Helpdesk Permissions Multifactor Authentication Methods Temporary Access Passcode (TAP) Method Create TAP for user

See My Access - Page for more information

Action Description

A Temporary Access Pass (TAP) is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. During their active timespan, TAPs will act as the first and second factors. TAPs can either be scheduled to become available/active later or configured to become active immediately.

Accounts may only have one TAP configured. To create a new one, supporters must delete the existing TAP first.

When to use this action?

This functionality can generate secure initial passwords for timed new user onboarding. It may also help users regain access if they lose all second-factor methods (e.g., an iPhone falls into a lake, and both the phone call authentication method and the authenticator app are lost).

Remote actions overview

Sync Managed Device

Retire Managed Device

Delete Azure device registration

Wipe Managed Device

Reset/Remove Device Passcode

Change Device Ownership

Managed Apps Sign-out

Get Local Admin Password

User Password Reset

Create TAP for user

Delete existing TAP

Add Phone MFA method

Delete Phone MFA method

Create TAP for user

Action compatibility

Required Permission

Action Description

When to use this action?