question

shashanksaxena-6941 avatar image
0 Votes"
shashanksaxena-6941 asked jhueppauff commented

need to enable MFA on ADFS Server

Hello All,

I have Windows Server 2012 R2 ADFS server and I need to enable MFA for particular Relying Party Trust but before enabling MFA, I have certain question, could anyone answer please:
1. During the registration of MFA, can we make mandatory Microsoft Authenticator App as an option(not third party authenticator app)
2. Can we keep only particular method for authentication i.e Approve Sign-in

Regards,



adfsazure-ad-multi-factor-authentication
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

jhueppauff avatar image
0 Votes"
jhueppauff answered jhueppauff commented

Are you talking about the Azure MFA Server?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy

The plain MFA options of ADFS are quite limited

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @jhueppauff ,

Thanks for the response.

I need to know only about ADFS MFA(not on Azure MFA).

0 Votes 0 ·
jhueppauff avatar image jhueppauff shashanksaxena-6941 ·

AFAIK the out of the box experience with plain-ADFS is quite limited.
You can enforce a second factory for a trust. But the only option I think are client certificates unless you load a custom authentication provider
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs

0 Votes 0 ·

Hello @jhueppauff ,

So as I can understand that we are not able to enable MFA through phone or Authenticator app instead of we will enable it through certificate only, right?

Regards,
Shashank Saxena

0 Votes 0 ·
Show more comments