1,186 questions with Active Directory Federation Services tags

Sort by: Updated
1 answer One of the answers was accepted by the question author.

ADFS authentication

Hi, Our users are having what seems like an ADFS authentication error code: Reference number: d270fca6-e14e-4af0-80eb-efb29c74e535" When I explored further it seems it has to do with authentication certificate as I received this message…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-02-06T11:15:54.14+00:00
Peter Osazuwa 21 Reputation points
commented 2020-04-21T13:03:48.693+00:00
Peter Osazuwa 21 Reputation points
4 answers

ADFS RP to Azure AD RP Migration

Hello, We are in the process of moving our Relay Parties trusts from on prem ADFS to Azure AD. I have a party trust setup with WebEx and it inlcudes some custom claim rules. Can someone help me in the proper formatting of these claims in Azure AD SSO? …

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-04-09T13:27:36.313+00:00
DT_Support 21 Reputation points
answered 2020-04-17T18:15:12.137+00:00
DT_Support 21 Reputation points
2 answers One of the answers was accepted by the question author.

Private Personal Identifier with 2 nodes ADFS : how generate same PPID from both servers ?

I try to generate a PPID claim on ADFS windows 2019 with the rule (from https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/technical-reference/when-to-use-a-custom-claim-rule) : c:[Type ==…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-09T10:28:27.22+00:00
DS 106 Reputation points
commented 2020-04-16T17:06:34.277+00:00
DS 106 Reputation points
1 answer

ADFS via Internet

Dear Technet, hope you can help me moving forward. I have a WebApp Proxy with ADFS (V4) in place. Is it possible to use SSO via Internet: take my laptop (AD member) outside of the network, connect it via mobile phone to the Internet and access then a…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-04-16T11:15:26.807+00:00
Christoph Thurnheer 81 Reputation points
answered 2020-04-16T13:12:54.667+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
1 answer One of the answers was accepted by the question author.

ADFS - Append String to End of Attribute Passed

Good morning, I'm dealing with a challenge with the value passed by ADFS to an application in a particular attribute. Here is what he have for the value passed in the Claim Rule: c:[Type ==…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-04-15T15:58:33.3+00:00
Greg 26 Reputation points
accepted 2020-04-15T19:14:46.823+00:00
Greg 26 Reputation points
1 answer

Bypass MFA for Apple DEP+Intune enrollment at on-prem ADFS 2016

Hello there, Looking for an advise on how to best overcome the following limitation. We're trying to enroll Mac devices with DEP enrollment and Intune. When binding the Mac to a user during install, it tries to log on and verify membership and…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-27T10:09:06.873+00:00
Denys Dmytrenko 1 Reputation point
commented 2020-04-15T09:38:37.09+00:00
Denys Dmytrenko 1 Reputation point
1 answer One of the answers was accepted by the question author.

If i set an EnrollmentAgentCertificateTemplate

Hi All, If i set an EnrollmentAgentCertificateTemplate does this effect all my Relying party trust? I like todo this: windows-virtual-desktop-sso

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-04-07T21:13:14.717+00:00
Clinton van Axel 21 Reputation points
accepted 2020-04-14T17:35:37.86+00:00
Clinton van Axel 21 Reputation points
1 answer One of the answers was accepted by the question author.

Adding second ADFS

Hello, guys. I have one on-prem vm, with adfs role installed. On this vm i have already configured azure ad connect, with public ssl installed. ADFS use mssql db. Sync and authorization in office 365 on this adfs server works fine. I want to add…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-04-08T09:02:02.317+00:00
HavrilyukRoman 21 Reputation points
accepted 2020-04-08T13:36:03.45+00:00
HavrilyukRoman 21 Reputation points
2 answers One of the answers was accepted by the question author.

Failed to add ADFS4.0 to farm

I have two ADFS 3.0 servers and two ADFSproxy servers(DMZ). All located in Azure. The machines all or load balanced. Now i try to add a windows 2016 server (ADFS 4.0) on a different VNET but peer with the old VNET. When i try to add the ADFS 4.0…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-26T15:21:11.7+00:00
Clinton van Axel 126 Reputation points
commented 2020-04-06T19:30:40.343+00:00
Clinton van Axel 126 Reputation points
5 answers

How to connect two on-premise domain controllers (not in the same network) to a single AzureAD

Good afternoon, everyone, Someone could tell me if it is possible to connect two domain controllers to a single Azure AD. Let me explain: I work in a IT company and we offer remote offices to our clients. Authentication in our remote offices is…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-04-03T12:01:58.59+00:00
Bastien1920 1 Reputation point
answered 2020-04-05T23:56:37.307+00:00
Jesse Coyne 1 Reputation point Microsoft Employee
1 answer

ADFS SSL renewal issue

Hello All, we got new SSL certificate to udpate ADFS WAP and ADFS server imported the SSL certificate local store and provided the service accout full control select set service communication as primary -done ADFS management shows new service…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-31T18:23:53.87+00:00
Aamir Masthan 41 Reputation points
commented 2020-04-04T08:47:29.54+00:00
Konrad 'Sagus' Sagala 81 Reputation points MVP
4 answers

AD FS SAML sign on with Azure AD Enterprise APP: AADSTS20001: The sign-in response message does not contain an issued token.

Hello everyone, I'm configuring trying to configure an IIS based Web App to accept a SAML authentication flow shaped this way: An Azure tenant on which some users are provisioned acts as IdP and is federated with AD FS for the SAML authentication…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-03-18T15:22:38.883+00:00
Luster Mark 1 Reputation point
answered 2020-04-03T09:34:00.93+00:00
soumi-MSFT 11,716 Reputation points Microsoft Employee
1 answer

ADFS Administrator Account

Good morning, I'm trying to update our Azure AD Connect to allow hybrid join of devices through ADFS. However, no matter what account I use, whether it is a local admin on the adfs server, or a domain admin, enterprise admin, schema admin, etc I…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-01-23T18:44:48.56+00:00
Derek Harbun 6 Reputation points
commented 2020-03-28T00:15:44.2+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
1 answer

onprem ADFS Conditional Access policies

Hello all We are currently using ADFS 2.0. We are federated with O365 and Azure using Azure AD Connect and onprem ADFS. We are doing DUO MFA onprem via ADFS claims rule. My question is can we take full advantage of CA policies if we are still using…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-03-25T20:28:51.767+00:00
skip hofmann 46 Reputation points
commented 2020-03-25T23:08:21.047+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
0 answers

How to access ADFS externally with web app

Hello! I really need someone to help me out now since i spent days learning and doing labs and i finally made it but not completely. I have 3 VMs, 1 DC, ADFS server and ADFS proxy server with 2 NICs. Internally i can reach the ADFS login page with…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-19T14:45:51.913+00:00
Tuff Gong 6 Reputation points
commented 2020-03-25T21:19:45.367+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
2 answers One of the answers was accepted by the question author.

Select domain at ADFS login page

My ADFS connect to two AD Domain for authentication, can I let users select the domain they belong instead of typing the domain name?

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-23T08:36:36.393+00:00
Hau Kit Wong 71 Reputation points
commented 2020-03-25T11:17:52.857+00:00
Hau Kit Wong 71 Reputation points
1 answer One of the answers was accepted by the question author.

ADFS 3.0 error 364 (msis 7042) on ADFS + error 224 on ADFS PROXY maybe after windows update

Hi all! Dynamics on premise, exposed with ADFS 3.0 and ADFS PROXY So i have this scenario: 1 vm x sql (lan) 1 vm x dynamics (lan) 2 vm x dns and dc (lan) 1 vm x adfs (lan) 1 vm x adfs proxy (Dmz) After windows update for windows 2012 r2 on…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-24T13:59:29.21+00:00
Mattia Minervini 101 Reputation points
accepted 2020-03-24T18:22:23.003+00:00
Mattia Minervini 101 Reputation points
0 answers

adfs exchange

dears, i have 2 2016 exchange servers configured in dag mode. external urls are not published. users can connect just internally. the client recently asked to publish it externally using web app proxy. i have seen that this needs an adfs server to…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-18T17:37:14.917+00:00
eg1995 1,126 Reputation points
commented 2020-03-23T16:28:42.177+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
0 answers

ADFS idpinitiatedsignon SAML assertion not signed

I am trying to extract SAMLResponse assertion via https://<adfs_domain>/adfs/ls/idpinitiatedsignon using a webview. The problem is that the SAMLResponse assertion is not signed and the signature is not included inside the assertion. As a result…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
asked 2020-03-12T10:27:05.86+00:00
Alexander Kalavitis 1 Reputation point
commented 2020-03-20T17:16:04.06+00:00
Pierre Audonnet - MSFT 10,166 Reputation points Microsoft Employee
1 answer

ADFS - AAD integration - No AzureAD Connect - SAML ImmutableID error

Hello everyone, I'm working on enabling login to an adfs-federated Enterprise Web App through AAD SAML. I haven't found any good documentation on the matter (or blogpost) which describes my specific usecase so I'm mostly doing trial and error. I know…

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,186 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,380 questions
asked 2020-03-18T09:47:55.573+00:00
Domenico Bochicchio 16 Reputation points
commented 2020-03-18T12:02:25.64+00:00
Domenico Bochicchio 16 Reputation points