Multi-factor authentication and external authentication providers customization

Applies To: Windows Server 2016, Windows Server 2012 R2

In AD FS, support for multi-factor authentication is provided out of the box. For example, you can configure AD FS to use built-in Certificate Authentication as the second authentication factor. You can also use external authentication providers. This approach lets AD FS integrate with additional services, such as Azure Multi-factor Authentication, or you can develop your own provider. See Solution Guide: Manage Risk with Multi-factor Access Control for more information about how to register an external authentication provider by using AD FS.

We recommend that an external authentication provider use the classes that are defined in the .css file that AD FS provides to author the authentication UI. You can use the following cmdlet to export the default web theme and inspect the user interface classes and elements that are defined in the .css file. The .css file can be used in the development of the sign-in user interface of an external authentication provider.

Export-AdfsWebTheme -Name default -DirectoryPath C:\theme  

The following is an example of the sign-in user interface, highlighted in red, of an external authentication provider. The user interface uses the UI classes in the AD FS .css file.

AD FS and MFA

Before you write a new custom authentication method, we recommend that you study the AD FS theme and style definitions to understand the content authoring requirements.

  • A custom authentication method authors only an HTML segment on the AD FS sign-in page, not the full page. You should use the AD FS style definitions to get a consistent appearance and behavior.

AD FS and MFA

  • Be aware that AD FS administrators can customize the AD FS styles. We do not recommend hardcoding your own styles. Instead, we recommend using AD FS styles whenever possible.

  • Out of the box, AD FS styles are authored with one left-to-right (LTR) style and one right-to-left (RTL) style. Administrators can customize both, and can provide language-specific styles through the web theme definition. Each style sheet has three sections with respective comments:

    • theme styles - These styles should not and cannot be used. These styles are meant to define the theme across all pages. They are purposely defined by an element ID so that they are not reused.

    • common styles - These are the styles that should be used for your content.

    • form factor styles - These are styles for different form factors. You should understand this section to ensure that your content works with different form factors, for example, phones and tablets.
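The guidance above can be checked mechanically. The following PowerShell script is an added example, not part of the original page or of AD FS: it reads the style sheets from an exported theme and flags hardcoded styles, element IDs that collide with ID-based theme styles, and classes the theme does not define in a provider's HTML segment. The `$FragmentPath` parameter and the sample segment are assumptions made for illustration.

```powershell
# Added example: lint a provider's HTML segment against an exported AD FS web theme.
# Run after: Export-AdfsWebTheme -Name default -DirectoryPath C:\theme
param(
    [string]$ThemePath    = 'C:\theme',
    [string]$FragmentPath = ''   # hypothetical: file holding the provider's HTML segment
)

# Constructed sample segment (ids and class names are made up for illustration).
$sample = @'
<div id="header" style="color:red">
  <input id="otpInput" class="text fullWidth" type="text" />
  <span class="myVendorButton">Verify</span>
</div>
'@
$html = if ($FragmentPath) { Get-Content -Raw -LiteralPath $FragmentPath } else { $sample }

# Read every style sheet in the export (LTR, RTL and any language-specific ones).
$css = (Get-ChildItem -LiteralPath $ThemePath -Recurse -Filter *.css |
        ForEach-Object { Get-Content -Raw -LiteralPath $_.FullName }) -join "`n"
$css = [regex]::Replace($css, '(?s)/\*.*?\*/', '')      # strip comments
$css = [regex]::Replace($css, '(?s)\{[^{}]*\}', '{}')   # strip declarations, keep selectors

# ID selectors are the theme styles (not for reuse); class selectors are candidates for reuse.
$themeIds = [regex]::Matches($css, '#([A-Za-z_][\w-]*)') | ForEach-Object { $_.Groups[1].Value }
$classes  = [regex]::Matches($css, '\.([A-Za-z_][\w-]*)') | ForEach-Object { $_.Groups[1].Value }

$findings = @()
if ($html -match '(?i)<style\b') { $findings += 'embedded <style> block (hardcoded styles)' }
foreach ($m in [regex]::Matches($html, '(?i)\sstyle\s*=\s*["'']([^"'']*)')) {
    $findings += "inline style (hardcoded): $($m.Groups[1].Value)"
}
foreach ($m in [regex]::Matches($html, '(?i)\sid\s*=\s*["'']([^"'']+)')) {
    $id = $m.Groups[1].Value
    if ($themeIds -ccontains $id) { $findings += "id '$id' collides with an ID-based theme style" }
}
foreach ($m in [regex]::Matches($html, '(?i)\sclass\s*=\s*["'']([^"'']+)')) {
    foreach ($c in ($m.Groups[1].Value -split '\s+' | Where-Object { $_ })) {
        if ($classes -cnotcontains $c) { $findings += "class '$c' is not defined in the exported theme" }
    }
}
$findings | Sort-Object -Unique
```

Because administrators can customize the theme, run the check against the theme exported from the target farm rather than a copy of the default.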

For additional information, see Solution Guide: Manage Risk with Multi-factor Access Control and Solution Guide: Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications.

Additional references

AD FS User Sign-in Customization