Get-AdfsAdditionalAuthenticationRule
Retrieves the global rules that trigger additional authentication providers to be invoked.
Syntax
Get-AdfsAdditionalAuthenticationRule []
Description
The Get-AdfsAdditionalAuthenticationRule cmdlet retrieves the global rules that govern all applications that trigger additional authentication providers to be invoked. When the claim engine evaluates the additional authentication rules and determines that multiple factor authentication is required, the user is prompted to perform additional authentication. Use this rule only when all your applications are capable of performing web based credential collection through Active Directory Federation Services (AD FS). Applications that use protocols like WS-Trust will fail to obtain a security token if the trigger is true as a result of evaluation of the rules.
Examples
Example 1: Retrieve the global additional authentication rules
PS C:\> Get-AdfsAdditionalAuthenticationRule
c:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isregistereduser", Value == "false"]
=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");
This command retrieves the global additional authentication rules configured for AD FS. The output of the command shows that multiple factor authentication is required for all extranet access and all devices that are not joined to a workplace.
Inputs
None
Outputs
Related Links
피드백
https://aka.ms/ContentUserFeedback
출시 예정: 2024년 내내 콘텐츠에 대한 피드백 메커니즘으로 GitHub 문제를 단계적으로 폐지하고 이를 새로운 피드백 시스템으로 바꿀 예정입니다. 자세한 내용은 다음을 참조하세요.다음에 대한 사용자 의견 제출 및 보기