To create a rule that permits users from “DomainA” but denies all other domains in an AD FS 2019 Access Control Policy, you can use regular expressions as follows:
- Open AD FS Management, click Access Control Policies > Action > Add Access Control Policy.
- In the Name box, enter a name and a description for your policy, then click Add.
- Under Permit access if any of the following rules are met, click Add.
- In the Claim rule template drop-down list, select Send Claims Using a Custom Rule. See Figure 1.
Figure 1. What the interface looks like up to this point.
- In the Custom rule box, enter the following regular expression:
```
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^DomainA\\.*"]
```
- Under Deny access if any of the following rules are met, click Add.
- In the Claim rule template drop-down list, select Send Claims Using a Custom Rule.
- In the Custom rule box, enter the following regular expression:
```
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^(?!DomainA\\).*"]
```
- Click OK to save your policy.
Please let us know if it works!
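To see how the two patterns above behave before deploying the policy, here is an added Python model of the permit/deny evaluation (example code, not part of the original post or of AD FS). It assumes that `\\` in the rule language denotes a single literal backslash in the regex, that a matching deny rule overrides any permit rule, and that a request with no matching permit rule is denied; the sample account names are constructed.

```python
import re

# Claim type used by both rules in the policy above.
WAN = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"

# The two regexes exactly as written in the rules. Assumption: the rule
# language's "\\" escape reaches the regex engine as one literal backslash,
# so "DomainA\\" matches the value "DomainA\" (domain followed by a backslash).
PERMIT_RE = re.compile(r"(?i)^DomainA\\.*")
DENY_RE = re.compile(r"(?i)^(?!DomainA\\).*")


def evaluate(claims):
    """Return 'permit' or 'deny' for a list of (claim_type, value) pairs.

    Model of the Access Control Policy: a deny rule that fires wins over any
    permit rule, and a request that fires no permit rule is denied by default.
    """
    values = [v for t, v in claims if t == WAN]
    if any(DENY_RE.match(v) for v in values):
        return "deny"
    if any(PERMIT_RE.match(v) for v in values):
        return "permit"
    return "deny"  # no windowsaccountname claim or no permit match: default deny


# Constructed sample requests covering the edge cases a reviewer would probe.
SAMPLES = {
    "exact domain":            [(WAN, "DomainA\\alice")],
    "lower-case domain":       [(WAN, "domaina\\bob")],
    "prefix collision":        [(WAN, "DomainAB\\carol")],   # not DomainA\ -> deny
    "other domain":            [(WAN, "DomainB\\dave")],
    "no backslash":            [(WAN, "DomainA")],           # lookahead needs '\'
    "missing claim":           [("http://example.invalid/other", "x")],
    "two accounts, deny wins": [(WAN, "DomainA\\erin"), (WAN, "DomainB\\frank")],
}

if __name__ == "__main__":
    for label, claims in SAMPLES.items():
        print(f"{label:<26} -> {evaluate(claims)}")
```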