ADFS 2016 - Custom Access Control Policy

Patrick Guinn 1 Reputation point
2020-05-01T16:31:39.443+00:00

Hi All,

I have an application hosted on ADFS 2016 that requires custom authentication. The requirement is to have all users that are members of group ABC be able to access that app, and anyone coming in from the internet (extranet) will be prompted for MFA. There are default Access Control Policies that 1. "Permit for a specific group" and 2. "Permit everyone and require MFA from extranet access", but I have not been successful in trying to put these together.

Below is what I have in my custom policy. I can access from my company network, but cannot from extranet.

Permit Users
From <Group ABC>

Permit Users
From internet network
And from <Group ABC> group
And require Multi-Factor Authentication

Any help with the logic would be greatly appreciated!

Thanks,
Patrick

Active Directory Federation Services

1 answer

  1. Vahid Ghafarpour 18,130 Reputation points
    2023-08-27T02:45:15.9333333+00:00

    To allow users from group ABC to access the application without MFA when inside the company network, and prompt for MFA for users accessing the application from the extranet, you'll need to carefully define your policy rules.

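One way to express the behaviour the answer describes, as an added example that is not part of the original thread: it uses AD FS claim rules on the relying party trust instead of an access control policy template. The trust name `MyApp` and the lookup of a group named `ABC` are placeholder assumptions.

```powershell
# Added example. Run on the primary AD FS server in an elevated session.
# Placeholders (assumptions, not values from the thread):
$rpName   = 'MyApp'                                  # relying party trust name
$groupSid = (Get-ADGroup -Identity 'ABC').SID.Value  # needs the ActiveDirectory module

# Authorization: only members of the group are permitted, from any location.
$authzRules = @"
@RuleName = "Permit members of group ABC"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "$groupSid"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
"@

# Additional authentication: trigger MFA only when the request does not
# originate inside the corporate network (it arrived through the proxy).
$mfaRules = @"
@RuleName = "Require MFA from extranet"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
"@

# The MFA rule has no usable effect unless at least one additional
# authentication provider is enabled globally, so check that first.
$providers = (Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
if (-not $providers) {
    throw 'No additional authentication provider is enabled; extranet sign-in would fail.'
}

# An access control policy and custom claim rules cannot be used together
# on the same trust, so detach the policy before applying the rules.
Set-AdfsRelyingPartyTrust -TargetName $rpName -AccessControlPolicyName $null
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -IssuanceAuthorizationRules $authzRules `
    -AdditionalAuthenticationRules $mfaRules

# Read the configuration back to confirm what is now enforced.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Format-List Name, AccessControlPolicyName, IssuanceAuthorizationRules, AdditionalAuthenticationRules
```

Test with a group member from both the intranet and the extranet, and with a non-member, before relying on the change.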