Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
624 questions
1,204 questions with Active Directory Federation Services tags
3 answers
Azure MFA to On-premises applications without ADFS and AzADAppProxy
Hi. I need to know what options do I have to force my internal apps to request Azure MFA when my clients access internally (or externally, published in the firewall). I don't want that my on-premises apps needs to go via application proxy via azure,…
asked 2023-06-17T15:00:56.0166667+00:00
Miguel Gonçalves
81
Reputation points
edited an answer 2024-02-19T06:42:52.28+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 38%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Canming Jiang
1
Reputation point
1 answer
One of the answers was accepted by the question author.
How can a service account in active directory sign in to azure with adfs?
Hi, How can a service account in active directory sign in to azure with ADFS? It seems like when using ADFS, the domain user has to enter his credentials to a login page. What should a service account do in the same case (as it is not an interactive…
asked 2024-02-15T11:20:34.6033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 64%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Adi Malyanker
65
Reputation points
edited a comment 2024-02-15T14:46:16.9533333+00:00
Adi Malyanker
65
Reputation points
1 answer
One of the answers was accepted by the question author.
Delegated permission to access Entra ID page?
As per this security article, I have ensured that Restrict access to the Azure AD administration portal is set to Yes**.** What is the custom Azure AD / Entra ID role I must create that allows the user access to the access below page as read-only: …
asked 2024-02-08T05:53:48.7133333+00:00
EnterpriseArchitect
4,866
Reputation points
commented 2024-02-15T05:29:43.5666667+00:00
EnterpriseArchitect
4,866
Reputation points
1 answer
One of the answers was accepted by the question author.
About exchnage schema extention in AD
Mailnickname attribute is absent in my AD which I need for AADC sync so I install Exchnage server 2019 in AD and run setup command which continuosly giving me error First of all I want to ask is my method is correct? or Can we extent Exchnage schema…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 66%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
1 answer
About sharepoint schema extention in AD
I want to ask the method for Sharepoint Schema extention in AD I have searched but not found any document which satisfy my need Is there anyone who knows how to do it? Or any usefull docs??
asked 2024-02-08T11:25:33.2033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 79%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
jennyKim
240
Reputation points
commented 2024-02-14T06:29:49.75+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 5%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
RaytheonXie_MSFT
31,846
Reputation points Microsoft Vendor
0 answers
Unable to add second ADFS server to existing farm (MSSQL and gMSA)
Hello, My first Server 2019 ADFS server is working fine, but for HA purposes I wanted to add a second one. I already made sure that my GMSA, which is just named "ADFS-GMSA" works fine with my MSSQL server. I was following the instructions here:…
1 answer
One of the answers was accepted by the question author.
MailNickname attribute is missing from Attribute Editor
In My case the mailnickname attribute is missing from AD and I want to modify the nick name Can anyine tell why this is happening to my ad I want to modify the nickname from GUI rather the PS Thank you
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
0 answers
How to federate multiple AzureAD Enterprise Applications with same on-premise ADFS Farm?
Hi there We have Enterprise Application in Azure AD tenant that federates with an on-premise ADFS farm. In the SAML config, we specify the identifier URL for the ADFS farm, and this works okay. We want to create a second Enterprise…
asked 2021-09-01T22:52:27.43+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 73%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
Vladimir Maricic
6
Reputation points
commented 2024-02-06T13:21:19.1933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
14,826
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Questions regarding on-prem MFA integrated with on-prem Azure and credentials
I need to change the credentials used by MFA ADFS Adapter on my on-prem ADFS farm. The farm consists of 3 Windows Server 2016 systems using a WID database. Would it just be a matter of updating the relevant config file and running the registration cmdlet…
asked 2024-01-08T19:59:32.2633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Rice, Kevin J
20
Reputation points
accepted 2024-02-05T16:37:42.4566667+00:00
Rice, Kevin J
20
Reputation points
1 answer
Integrating Azure AD with On-premises AD, but without syncing users to Azure AD
We are looking to integrate Azure AD with On-premises AD, but without syncing users to Azure AD to save us the cost of having them stored on Azure with the licenses required. We need eventually to authenticate users through the on-premises AD and to…
asked 2024-01-11T20:56:36.0233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 54%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Mina Gobrial
0
Reputation points
commented 2024-02-02T06:13:12.9066667+00:00
Sandeep G-MSFT
14,826
Reputation points Microsoft Employee
1 answer
Migrate settings from AD FS Win 2012R2 to Windows Server 2016
Hello everyone We currently have a Windows Server 2012R2 with the ADFS function in use which is connected to Azure. Due to problems that always occur with the WID and the old Windows Server version on the AD FS Server, I have installed a new Windows…
asked 2024-01-31T09:16:42.54+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 89%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DeepDiveMessage
0
Reputation points
edited an answer 2024-02-01T23:05:24.8933333+00:00
JimmySalian-2011
41,926
Reputation points
2 answers
The User Profile Service service failed the sign-in. User Profile cannot be loaded
The User Profile Service service failed the sign-in. User Profile cannot be loaded
asked 2024-02-01T10:10:06.6433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 87%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Pawan Srivastava
0
Reputation points
edited the question 2024-02-01T21:07:23.3366667+00:00
JamesTran-MSFT
36,461
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Migrating away from on prem ADFS to Entra ID still authenticating on prem.
Greetings, We are running an on prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service to service communication. Our clients (API consumers) are configured as trusted claim providers, in other…
asked 2024-01-19T14:51:10.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 48%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Bjarki Björgúlfsson - RB
20
Reputation points
commented 2024-01-31T17:48:53.19+00:00
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA
27,331
Reputation points
1 answer
Newly setup Hybrid Modern Authentication on on-prem Exchange, fails to authenticate with error 2002
Hello Team, Configured HMA on existing on-prem exchange server. Then to test it out when I use a Outlook on desktop, looks like I can see ADFS page, but past that I fail to authenticate, with this error.
asked 2023-04-08T04:16:57.7133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 3%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGB%3C/text%3E%3C/svg%3E)
Gautam Badveeti
0
Reputation points
answered 2024-01-31T08:52:15.6533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 59%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Dzmitry Khouryn
0
Reputation points
1 answer
One of the answers was accepted by the question author.
How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal
Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be…
asked 2024-01-30T06:26:30.63+00:00
EnterpriseArchitect
4,866
Reputation points
commented 2024-01-31T06:04:22.2+00:00
EnterpriseArchitect
4,866
Reputation points
2 answers
One of the answers was accepted by the question author.
ADFS Single signon issue with external idp - SAML 1.1 Assertion is missing ImmutableID of the user
I have office 365 + Onperm AD + ADFS for federation. I have configured Shibboleth as a second Claims provider (MFA enabled). When I tried to login to office 365, I get Windows AD and Shibboleth as options, when I click on Shibboleth, I get authenticated…
asked 2024-01-19T21:39:26.7266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 43%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDL%3C/text%3E%3C/svg%3E)
Dinesh Loganathan
25
Reputation points
accepted 2024-01-26T15:20:26.48+00:00
Dinesh Loganathan
25
Reputation points
1 answer
Set up synchronization between Active Directory and Google Workspace
Hello, First, happy new year to all! Let me set the scene quickly. I work for a company that uses a hybrid Azur Active Directory, but we've acquired a company using Google Workspace that we need to keep for operational reasons. Using Active Directory AND…
asked 2024-01-16T07:33:51.0433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 47%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELY%3C/text%3E%3C/svg%3E)
Lord Yorwan
5
Reputation points
commented 2024-01-25T21:14:09.0366667+00:00
JamesTran-MSFT
36,461
Reputation points Microsoft Employee
1 answer
ADFS token-signing certificates and token-encryption certificates
1、The ADFS token-signing certificates are only used for the relying party?If yes,then why token-signing certificates are used when adding the claims provider? 2、The ADFS token-encryption certificates are only used for the claims provider?If yes,then why…
asked 2023-12-30T13:39:24.0066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 15%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
宁 李
0
Reputation points
commented 2024-01-25T20:12:11.17+00:00
JamesTran-MSFT
36,461
Reputation points Microsoft Employee
1 answer
Request to Change Primary Domain of Azure AD for Transitioning SSO from Okta to Azure AD (Entra ID)
As the subject suggests, we are considering the transition of SSO functionality from Okta to Azure AD (Entra ID). However, there is an issue with the SSO configuration due to the discrepancy between the primary domain of Azure AD and the login ID of the…
asked 2023-08-22T06:07:48.7466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 76%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
AWANO Kyohei
10
Reputation points
commented 2024-01-25T04:42:19.96+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 61%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Chanroeun Pa (CID)
0
Reputation points
0 answers
Upgrading ADFS 2012R2 to ADFS 2019
Hello All, We are planning to upgrade our ADFS servers 2012R2 to 2019 WID. just wanted to know once we do all the required steps from the below Microsoft document, after raising the FBL to V4 will the federation metadata be changed? or do we need to get…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 14.000000000000002%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)