vamshikrishna-2060 asked emsgeoff answered

configuring ADFS for MFA Windows 2019

Hi Team,

I was trying to configure MFA per-relying party trust that is based on a user's group membership data.


$MfaClaimRule = "c:[Type == '"https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid'", Value =~ '"^(?i) <group_SID>$'"] => issue(Type = '"https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod'", Value '"https://schemas.microsoft.com/claims/multipleauthn'");"

The above command is not working.



@vamshikrishna-2060
Thank you for your post and I apologize for the delayed response!

So my team and I can gain a better understanding of your issue, would you be able to provide the documentation you're following?


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

emsgeoff answered

@JamesTran-MSFT He is following the article https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-authentication-policies
Look under "To configure MFA per-relying party trust that is based on a user's group membership data". If you copy and paste the code, there is a formatting issue.

emsgeoff answered

Here is the proper format that should work for you:

$MfaClaimRule = 'c:[Type == "https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-21-2526025855-2090947552-105674"] => issue(Type = "https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "https://schemas.microsoft.com/claims/multipleauthn");'

Set-AdfsAdditionalAuthenticationRule $MfaClaimRule
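
The quoting fix from the answer above, applied to a single relying party trust as the question describes, in an added example that is not from the thread or the Microsoft article. The trust name, the group account and the helper function `New-GroupMfaRule` are hypothetical placeholders; the script assumes it runs on an AD FS server with the ADFS module loaded.

```powershell
# Added example. Both names below are placeholders, not values from the thread.
$RelyingPartyName = 'Contoso Claims App'      # hypothetical relying party trust
$GroupAccount     = 'CONTOSO\MFA-Required'    # hypothetical AD group

function New-GroupMfaRule {
    param([Parameter(Mandatory)][string]$GroupSid)

    # The constructor throws on a malformed SID, so a typo or a leftover
    # <group_SID> placeholder fails here instead of yielding a rule that
    # silently never matches (and therefore never triggers MFA).
    $sid = [System.Security.Principal.SecurityIdentifier]::new($GroupSid)

    # Single-quoted template: PowerShell performs no expansion inside it, so
    # the double quotes the claim rule language requires pass through intact.
    $template = 'c:[Type == "{0}", Value == "{1}"] => issue(Type = "{2}", Value = "{3}");'
    $template -f 'https://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid',
                 $sid.Value,
                 'https://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod',
                 'https://schemas.microsoft.com/claims/multipleauthn'
}

# Resolve the group's SID from its account name rather than typing it by hand.
$groupSid = [System.Security.Principal.NTAccount]::new($GroupAccount).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
$rule = New-GroupMfaRule -GroupSid $groupSid

# Apply the rule to one relying party trust only.
$rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
if (-not $rp) { throw "Relying party trust '$RelyingPartyName' not found." }
Set-AdfsRelyingPartyTrust -TargetRelyingParty $rp -AdditionalAuthenticationRules $rule

# Read the stored rule back to confirm what AD FS will evaluate.
(Get-AdfsRelyingPartyTrust -Name $RelyingPartyName).AdditionalAuthenticationRules
```

`Set-AdfsAdditionalAuthenticationRule` writes the global additional authentication rule set, while `Set-AdfsRelyingPartyTrust -AdditionalAuthenticationRules` scopes the rule to the named trust.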
