ADFS 2019 Access control Policy - Permit from specific domain name

Question

User login to ADF using DomainA\UserID. I want to only allow users from DomainA login and get a claim using Access Control Policy.

What will be correct REgEx to match user login with DomainA and deny other domains? I Can do with UPN with UPN contain @domaina.com

Thanks

Answer 1

To create a rule to permit users from “DomainA” but deny all other domains in ADFS 2019 Access control Policy, you can use regular expressions as follows:

1. Open AD FS Management, click Access Control Policies > Action > Add Access Control Policy.
2. In the name box, enter a name for your policy, a description and click Add.
3. Under Permit access if any of the following rules are met, click Add.
4. In the Claim rule template drop-down list, select Send Claims Using a Custom Rule. See Figure 1.

Figure 1. What the interface looks like up too this point.

1. In the Custom rule box, enter the following regular expression:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^DomainA\\.*"]

1. Under Deny access if any of the following rules are met, click Add.
2. In the Claim rule template drop-down list, select Send Claims Using a Custom Rule.
3. In the Custom rule box, enter the following regular expression:

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^(?!DomainA\\).*"]

1. Click OK to save your policy

Please let us know if it works!

Answer 2

Perfect!

Thanks

Answer 3

Actually, I dont option to select custom rule template. can you send screenshot?

Thanks