FederatedIdpMfaBehavior cannot be empty

HTYZ1380 0 Reputation points
2024-05-16T13:13:15.7+00:00

Hello

I executed New-MgDomainFederationConfiguration and tried to federate my Microsoft 365 custom domain to my third party IdP.

New-MgDomainFederationConfiguration -DomainId "my.custom.domain" ` 
-ActiveSignInUri "https://signinurl.of.idp" `   
-DisplayName "ServiceNameofidp" `  
-IssuerUri "https://issuer.of.idp" `   
-MetadataExchangeUri "https://url.from.idp" `   
-PassiveSignInUri "https://url.from.idp" `   
-SignOutUri "https://login.microsoftonline.com/logout.srf" `   
-SigningCertificate "MII_idp_signing_cert=="  | Format-List  

Then I saw below error message

New-MgDomainFederationConfiguration : FederatedIdpMfaBehavior cannot be empty 
Status: 400 (BadRequest) 
ErrorCode: Request_BadRequest  

I found the document about FederatedIdpMfaBehavior.

The document says that FederatedIdpMfaBehavior is used to configure who process the MFA(in my case, third party IdP or Entra ID).

https://learn.microsoft.com/en-us/graph/api/resources/internaldomainfederation?view=graph-rest-1.0#federatedidpmfabehavior-values

And FederatedIdpMfaBehavior is a successor of SupportsMfa of MsolDomainAuthentication command, which is planned to be obsoleted.

When I use MsolDomainAuthentication, SupportsMfa is not a required option. The command works well without SupportsMfa option.

According to below document, FederatedIdpMfaBehavior is not a required option too(Required: False).

https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.directorymanagement/new-mgdomainfederationconfiguration?view=graph-powershell-1.0

I could find below forum post, but I could not find the method to surpress or bypass the error message above.

https://techcommunity.microsoft.com/t5/microsoft-entra/problems-configuring-federation-to-saml-idp/m-p/4098212

Does anyone know if FederatedIdpMfaBehavior is a required or not?

If it is not requied, how can we execute New-MgDomainFederationConfiguration without FederatedIdpMfaBehavior?

Thanks in advance.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
11,050 questions
PowerShell
PowerShell
A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,218 questions
0 comments No comments
{count} votes