ADFS 2019 Access control Policy - Permit from specific domain name

BlackCat 81 Reputation points
2023-04-01T01:06:02.3066667+00:00

Users log in to ADFS using DomainA\UserID. I want to only allow users from DomainA to log in and get a claim using an Access Control Policy.

What would be the correct regex to match a user login with DomainA and deny other domains? I can do it with UPN, where the UPN contains @domaina.com.

Thanks

Active Directory Federation Services

3 answers

  1. Ed Harris 25 Reputation points
    2023-04-01T16:13:27.57+00:00

    To create a rule to permit users from “DomainA” but deny all other domains in ADFS 2019 Access control Policy, you can use regular expressions as follows:

    1. Open AD FS Management, click Access Control Policies > Action > Add Access Control Policy.
    2. In the name box, enter a name for your policy, a description and click Add.
    3. Under Permit access if any of the following rules are met, click Add.
    4. In the Claim rule template drop-down list, select Send Claims Using a Custom Rule. See Figure 1.

    Figure 1. What the interface looks like up to this point.

    5. In the Custom rule box, enter the following regular expression:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^DomainA\\.*"]

    6. Under Deny access if any of the following rules are met, click Add.
    7. In the Claim rule template drop-down list, select Send Claims Using a Custom Rule.
    8. In the Custom rule box, enter the following regular expression:
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Value =~ "(?i)^(?!DomainA\\).*"]

    9. Click OK to save your policy

    Please let us know if it works!

    1 person found this answer helpful.
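An added example, not part of the answer above: a quick offline check of what the two regular expressions accept and reject before they go into a policy. It assumes the rule string reaches the regex engine verbatim (so `\\` is one literal backslash) and uses Python's `re` as a stand-in for the .NET engine ADFS uses; the sample account names and the `LOOSE` pattern are constructed for comparison.

```python
import re

# The two patterns from the answer, copied verbatim. Assumption: the claim
# rule string is handed to the regex engine unchanged, so "\\" matches one
# literal backslash.
PERMIT = re.compile(r"(?i)^DomainA\\.*")
DENY = re.compile(r"(?i)^(?!DomainA\\).*")
# Constructed weaker variant without the backslash, for comparison only.
LOOSE = re.compile(r"(?i)^DomainA")

# Constructed sample windowsaccountname values.
SAMPLES = [
    "DomainA\\alice",
    "DOMAINA\\bob",
    "domaina\\carol",
    "DomainA\\",
    "DomainB\\dave",
    "DomainAB\\erin",
    "NotDomainA\\frank",
    "grace@domaina.com",
    "",
]

def domain_of(value):
    """Domain part of DOMAIN\\user, or None if there is no backslash."""
    head, sep, _ = value.partition("\\")
    return head if sep else None

def classify(value):
    """'permit' or 'deny'; 'conflict' if both or neither pattern matches."""
    permit, deny = bool(PERMIT.search(value)), bool(DENY.search(value))
    if permit == deny:
        return "conflict"
    return "permit" if permit else "deny"

def wrongly_admitted(pattern):
    """Samples a permit pattern accepts although the domain is not DomainA."""
    return [v for v in SAMPLES
            if pattern.search(v) and (domain_of(v) or "").lower() != "domaina"]

if __name__ == "__main__":
    for v in SAMPLES:
        print(f"{v!r:22} {classify(v)}")
    print("loose pattern wrongly admits:", wrongly_admitted(LOOSE))
```

The trailing backslash in the permit pattern is what keeps a lookalike name such as `DomainAB` out, and the two patterns never both match the same value.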

  2. BlackCat 81 Reputation points
    2023-04-01T03:58:10.26+00:00

    Perfect!

    Thanks


  3. BlackCat 81 Reputation points
    2023-04-01T04:09:36.2266667+00:00

    Actually, I don't have the option to select a custom rule template. Can you send a screenshot?

    Thanks
