If you are enforcing MFA on the RP, which it sounds like you are, then you cannot exclude that 1 page on the ADFS side. You would need to stop enforcing it there and use something like conditional access in AAD to apply that MFA. Another option is to use TAP (https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass). This code would be used against Azure AD directly and would allow them to register for Azure MFA.
ADFS 2019 | Multiple ADFS providers, proofup page
In our environment we need to offer two different MFA providers for employees (Thales) and students (Azure MFA). The selection based on group membership is working, but we ran into an issue with Azure MFA for students.
When students do not have a method enrolled in Azure, they need to ProofUp using the https://aka.ms/mfasetup page. But students need to sign in to this page; the student is being redirected to ADFS and MFA is being forced by AdditionalAuthenticationRules. Is it possible to exclude the proofup page from MFA?
If Azure is being used to enforce MFA (Conditional Access Policies), the page is being excluded from MFA. So it seems to be possible?
1 answer
Mark Morowczynski 251 Reputation points Microsoft Employee
2023-01-31T20:26:18.0333333+00:00