1,113 questions with Active Directory Federation Services tags
AD FS behavior from domain-joined computer
AD FS is present in an environment for SSO into various supported sites/apps once a user authenticates to the AD FS site - if a user logs into active directory on a computer joined to the same domain that AD FS uses for its claim provider, then opens a…
What ports are required to be open between ADFS and WAP
I am going to implement a new Azure AD tenant. My primary authentication method will be ADFS and PHS as the backup method. For example, the server names are as below: ADFS name- ADFS01 WAP name- WAP01 Connect sync name- AADC01 Please can you help provide me…

Failed: federation between Google Workspace and Microsoft Entra ID
Hi! I'm trying to implement "federation between Google Workspace and Microsoft Entra ID" following this link: https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust but I keep getting the error…
Federated domain
Hi, We have a few custom domain names in Azure, but only one is Federated. How can we make another domain Federated?

Multiple AD FS servers linked to same domain
Hi, we have an existing AD FS 2012 R2 server that is federated with a custom domain in Azure AD, let's say "MyDomain.com", used to perform Office 365 licensing via Citrix. I have built a new AD FS 2019 server and a Web Application Proxy (WAP)…

How do I configure IWA with ADFS 4.0 for G Suite?
Greetings, We have G Suite Sign-in configured to be federated with ADFS. Form-based authentication is working. We are unable to configure Integrated Windows Authentication (IWA). Kindly provide us with the steps to configure IWA. Steps followed …

Adding ADFS to existing AD Application
We have an existing .NET application that uses Active Directory to authenticate users and search for user/OU data using DirectorySearcher object. Our customer has several AD servers and would like our existing application to authenticate/search from a…

ADFS oAuth 2.0 Client Credential Grant, AD as authorizations(scope) store
Our scenario could be described this way. A back-end webapp service (in linux) uses the OAuth 2.0 Client Credential Flow (CCF) to request a token from ADFS. It passes its client_id and client_secret. Even if the BE service is considered…

Configure federation between Google Workspace and Microsoft Entra ID error AADSTS51004
Hello, After following the steps of this guide https://learn.microsoft.com/en-us/education/windows/configure-aad-google-trust I'm testing the login. I am getting the redirect to Google when I try to sign in, but after that I get this error: Request Id:…

Windows 10 Hybrid Join Automatic registration failed
Hello, I am having troubles to let Windows 10 Hybrid Join on startup. It is only working right now when the computer object is synchronised. Because the Windows 10 is a non-persistent VDI it needs to join on startup. I am getting the below error. The…

How to migrate users from on-prem environment to another on-prem environment?
Hello, I want to know how to migrate users from one on-prem environment to another on-prem environment? As in our scenarios we want to migrate lots of users from one on-prem environment to another on-prem environment. So can you please suggest and help…

How to perform decommission of federation with password hash sync after migrating to cloud authentication
In an Office 365 environment, we are going to migrate "federation with password hash sync" to "Cloud Authentication". After migrating to "Cloud Authentication", the on-premises AD will be removed, so we will perform decommission of…
Establish federated identity credential / required RBAC role
Which Azure RBAC role is required to establish federated identity credential? https://learn.microsoft.com/en-us/azure/aks/learn/tutorial-kubernetes-workload-identity#establish-federated-identity-credential Following the error message this action is…
ADFS 4 - set REMOTE_USER from value of claim or claim store lookup
I have a web application that does auto-logon using the REMOTE_USER HTTP value that maps to an LDAP user of the same name. My issue is that the partner IDP is ADFS and I would like to use ADFS on my side of the trust in front of the web application (SP) I…

ADFS 3.0 Logout - allow two SAML Logout Endpoints
Hello, I have searched low and high for a solution but could not find a definitive answer if my problem can be solved. Even just knowing that it cannot be solved would be extremely helpful. We have a single identity service that has two DNS names…

How to configure Enhanced Security Admin Environment (ESAE) architecture (red forest)??
Hi, I want to know how to configure Enhanced Security Admin Environment (ESAE) architecture (red forest)? Actually I want to configure and test it first and then move to the current Microsoft’s recommendation method. But unfortunately I have not found…
Mailbox type is unable to change from user to office365 in the on-premises exchange portal.
Mailbox type is unable to change from user to office365 in the on-premises exchange portal. The mailbox type in Online Exchange Admin Center is user mailbox. though would like the mailbox type in the on-premises exchange portal to switch from user to…
Azure MFA to On-premises applications without ADFS and AzADAppProxy
Hi. I need to know what options do I have to force my internal apps to request Azure MFA when my clients access internally (or externally, published in the firewall). I don't want that my on-premises apps needs to go via application proxy via azure,…

Bi-directional trust in multi-forest and separation of a domain as two separate company
Hi, I have an environment where there is a domain which needs to be separated into 2 tenants. Currently the domains have been the same and there is a single azure tenant. Now, this needs to be separated into two, and there is bi-directional trust in…
What are the ways to migrate on-premise ADFS to Azure Cloud?
Please let me know what are the ways to migrate ADFS server to Azure cloud?