1,204 questions with Active Directory Federation Services tags
Azure MFA to On-premises applications without ADFS and AzADAppProxy
Hi. I need to know what options do I have to force my internal apps to request Azure MFA when my clients access internally (or externally, published in the firewall). I don't want that my on-premises apps need to go via application proxy via Azure,…
How can a service account in active directory sign in to azure with adfs?
Hi, How can a service account in active directory sign in to azure with ADFS? It seems like when using ADFS, the domain user has to enter his credentials to a login page. What should a service account do in the same case (as it is not an interactive…
Delegated permission to access Entra ID page?
As per this security article, I have ensured that Restrict access to the Azure AD administration portal is set to Yes. What is the custom Azure AD / Entra ID role I must create that allows the user access to the access below page as read-only: …
About Exchange schema extension in AD
Mailnickname attribute is absent in my AD which I need for AADC sync so I install Exchange Server 2019 in AD and run setup command which continuously giving me error. First of all I want to ask is my method is correct? Or can we extend Exchange schema…
About SharePoint schema extension in AD
I want to ask the method for SharePoint schema extension in AD. I have searched but not found any document which satisfy my need. Is there anyone who knows how to do it? Or any useful docs?
Unable to add second ADFS server to existing farm (MSSQL and gMSA)
Hello, My first Server 2019 ADFS server is working fine, but for HA purposes I wanted to add a second one. I already made sure that my GMSA, which is just named "ADFS-GMSA" works fine with my MSSQL server. I was following the instructions here:…
MailNickname attribute is missing from Attribute Editor
In my case the mailnickname attribute is missing from AD and I want to modify the nick name. Can anyone tell why this is happening to my AD? I want to modify the nickname from GUI rather than the PS. Thank you
How to federate multiple AzureAD Enterprise Applications with same on-premise ADFS Farm?
Hi there We have Enterprise Application in Azure AD tenant that federates with an on-premise ADFS farm. In the SAML config, we specify the identifier URL for the ADFS farm, and this works okay. We want to create a second Enterprise…
Questions regarding on-prem MFA integrated with on-prem Azure and credentials
I need to change the credentials used by MFA ADFS Adapter on my on-prem ADFS farm. The farm consists of 3 Windows Server 2016 systems using a WID database. Would it just be a matter of updating the relevant config file and running the registration cmdlet…
Integrating Azure AD with On-premises AD, but without syncing users to Azure AD
We are looking to integrate Azure AD with On-premises AD, but without syncing users to Azure AD to save us the cost of having them stored on Azure with the licenses required. We need eventually to authenticate users through the on-premises AD and to…
Migrate settings from AD FS Win 2012R2 to Windows Server 2016
Hello everyone We currently have a Windows Server 2012R2 with the ADFS function in use which is connected to Azure. Due to problems that always occur with the WID and the old Windows Server version on the AD FS Server, I have installed a new Windows…
The User Profile Service service failed the sign-in. User Profile cannot be loaded
The User Profile Service service failed the sign-in. User Profile cannot be loaded
Migrating away from on prem ADFS to Entra ID still authenticating on prem.
Greetings, We are running an on prem ADFS (version 2019). One of the main activities we use ADFS for is acting as an STS for our API via service to service communication. Our clients (API consumers) are configured as trusted claim providers, in other…
Newly setup Hybrid Modern Authentication on on-prem Exchange, fails to authenticate with error 2002
Hello Team, Configured HMA on existing on-prem Exchange server. Then to test it out when I use an Outlook on desktop, looks like I can see ADFS page, but past that I fail to authenticate, with this error.
How can I get the Owner and the 'Users and Group' assigned to the Enterprise Application or Service principal
Using PowerShell Microsoft Graph, how can I get/retrieve the list of Owners and the 'Users and Group' assigned to the Enterprise Application or Service principal? When I tried using the below cmdlet, it threw an error about the object cannot be…
ADFS Single signon issue with external idp - SAML 1.1 Assertion is missing ImmutableID of the user
I have Office 365 + on-prem AD + ADFS for federation. I have configured Shibboleth as a second Claims provider (MFA enabled). When I tried to login to Office 365, I get Windows AD and Shibboleth as options, when I click on Shibboleth, I get authenticated…
Set up synchronization between Active Directory and Google Workspace
Hello, First, happy new year to all! Let me set the scene quickly. I work for a company that uses a hybrid Azure Active Directory, but we've acquired a company using Google Workspace that we need to keep for operational reasons. Using Active Directory AND…
ADFS token-signing certificates and token-encryption certificates
1. The ADFS token-signing certificates are only used for the relying party? If yes, then why token-signing certificates are used when adding the claims provider? 2. The ADFS token-encryption certificates are only used for the claims provider? If yes, then why…
Request to Change Primary Domain of Azure AD for Transitioning SSO from Okta to Azure AD (Entra ID)
As the subject suggests, we are considering the transition of SSO functionality from Okta to Azure AD (Entra ID). However, there is an issue with the SSO configuration due to the discrepancy between the primary domain of Azure AD and the login ID of the…
Upgrading ADFS 2012R2 to ADFS 2019
Hello All, We are planning to upgrade our ADFS servers 2012R2 to 2019 WID. Just wanted to know once we do all the required steps from the below Microsoft document, after raising the FBL to V4 will the federation metadata be changed? Or do we need to get…