ADFS 4.0 (Server 2016 Support)


#1

We are in the process of upgrading our dev environment to Server 2016, and I noticed that the ADFS 3 document does not match what we see interface wise in ADFS 4.

On the ADFS 3 Doc (https://duo.com/docs/adfs-30) Under Configure AD FS Multi-factor Authentication, ADFS 4 is missing the Authentication Polices folder ScreenShot.

Is ADFS on Server 2016 currently supported, and if so, does anyone know of a config guide?


#2

Yes, and we’ll have updated instructions out this week.

In the meantime, here are some quick and dirty instructions for configuration after installing the Duo MFA adapter:

  1. Enable the plugin for use by AD FS- go to AD FS > Service > Authentication Methods > Multi-factor Authentication Methods and edit the Multi-factor Authentication Methods. Check the box for the Duo plugin to enable.

  2. Go to Access Control Policies and either edit one of the existing MFA policies to apply it to users or groups, or create a new MFA policy if no pre-defined one is sufficient.

  3. Go to AD FS > Service > Relying Party Trusts and right-click the relying party trust where you want to add Duo, and then select Edit Access Control Policy.

  4. Pick a policy for the relying party that includes MFA.

If you need to enforce more complex MFA rules for an Office 365 relying party, please take a look at our Guide to advanced client configuration for Duo with AD FS 3 and later with Office 365 Modern Authentication


#3

Thanks for the instructions, those worked great!