Setting up identities in a KeePass file for use with roadtx

Dirk-jan edited this page Nov 8, 2022 · 2 revisions

Several roadtx commands accept identities loaded from a KeePass file. To support MFA, the accounts need to be set up in a specific way. This page describes the process.

First, create the account in Azure AD if it does not yet exist.

Then, sign in with the account. In this example, I'm using the account [email protected].

The first sign-in will prompt you to change the password. Make sure to add a KeePass entry for this identity with the correct password.

Now set up MFA for the account by heading to https://aka.ms/mfasetup.

You may need to set up a different method first, but ultimately we want to set up an authenticator app. Configure whatever is required and then go to the authentication methods page:

When adding an authenticator app, select "I want to use a different authenticator app".

In the next step, select "can't scan image" to obtain the TOTP secret.

The secret should be added as an extra property in KeePass called otp.

You can now click next. To test the secret, use the roadtx getotp command with your secret:

roadtx getotp -s secret

You can fill in this code in the confirmation tab.

For the best result, make sure to set the Authentication app as the primary method in your account (preferably the only method!).

You should now be able to use the roadtx commands with the KeePass database and automatic MFA.
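To check independently that the value stored in the otp property is a usable secret, the following added example (not part of the original page and not roadtx's own code) computes the TOTP code with only the Python standard library. It assumes the standard RFC 6238 parameters (HMAC-SHA1, 30-second step, 6 digits); the function names and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time


def normalize_secret(secret):
    """Decode a base32 TOTP secret as pasted from a setup page.

    Tolerates spaces, dashes, lowercase and missing '=' padding, and raises
    ValueError when the value is not valid base32.
    """
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    if not cleaned:
        raise ValueError("empty TOTP secret")
    # b32decode requires a multiple of 8 characters; restore stripped padding.
    cleaned += "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(cleaned)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("otp value is not valid base32") from exc


def totp(secret, at=None, digits=6, step=30):
    """Return the RFC 6238 code for `secret` at Unix time `at` (default: now)."""
    key = normalize_secret(secret)
    counter = int((time.time() if at is None else at) // step)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks the offset.
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key, written in lowercase groups
    # the way a pasted secret might look. Replace with the value from KeePass.
    sample = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    print("current code:", totp(sample))
```

If the assumptions hold for your account, the code printed for your own secret should match the one from the authenticator confirmation step within the same 30-second window.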
