I have an application hosted on ADFS 2016 that requires custom authentication. The requirement is to have all users that are members of group ABC be able to access that app, as well as anyone coming in from internet (extranet) will be prompted for MFA. There are default Access Control Policies that 1. "Permit for a specific group" and 2. "Permit everyone and require MFA from extranet access", but i have not been successful in trying to put these together.
Below is what i have in my custom policy. I can access from on my company network, but cannot from extranet
From <Group ABC>
From internet network
And from <Group ABC> group
And require Multi-Factor Authentication
Any help with the logic would be greatly appreciated!