To allow users from group ABC to access the application without MFA when inside the company network, and prompt for MFA for users accessing the application from the extranet, you'll need to carefully define your policy rules.
ADFS 2016 - Custom Access Control Policy
Hi All,
I have an application hosted on ADFS 2016 that requires custom authentication. The requirement is to have all users that are members of group ABC be able to access that app, and anyone coming in from the internet (extranet) will be prompted for MFA. There are default Access Control Policies that 1. "Permit for a specific group" and 2. "Permit everyone and require MFA from extranet access", but I have not been successful in trying to put these together.
Below is what I have in my custom policy. I can access from my company network, but cannot from extranet.
Permit Users
    From <Group ABC>
Permit Users
    From internet network
    And from <Group ABC> group
    And require Multi-Factor Authentication
Any help with the logic would be greatly appreciated!
Thanks,
Patrick