To set StrongAuthenticationMethods as the default using PowerShell, you can use the following command:

# Run on an AD FS server with the ADFS module loaded (Import-Module ADFS).
# Set-AdfsRelyingPartyTrust takes no -AuthenticationMethod / -AlternateAuthenticationMethods
# or thumbprint parameters: MFA is required through an additional authentication rule that
# issues the "multipleauthn" claim, and certificates are passed as X509Certificate2 objects.
Set-AdfsRelyingPartyTrust -TargetName "RelyingPartyName" `
    -ClaimsProviderName @("Active Directory") `
    -AdditionalAuthenticationRules '=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");' `
    -RequestSigningCertificate (Get-Item "Cert:\LocalMachine\My\CertificateThumbprint") `
    -EncryptionCertificate (Get-Item "Cert:\LocalMachine\My\EncryptionCertificateThumbprint")

# The trust is enabled by a separate cmdlet; Set-AdfsRelyingPartyTrust has no -Enabled switch.
Enable-AdfsRelyingPartyTrust -TargetName "RelyingPartyName"

Replace "RelyingPartyName" with the name of the relying party trust you want to update, "CertificateThumbprint" with the thumbprint of the signing certificate specified in the relying party trust, and "EncryptionCertificateThumbprint" with the thumbprint of the encryption certificate specified in the relying party trust.

This command sets StrongAuthenticationMethods as the default authentication method for the relying party trust by specifying it as the first value in the AlternateAuthenticationMethods array. This ensures that users are prompted for MFA before falling back to other authentication methods.
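Added worked example (not code from the answer above): a script that enforces MFA on an AD FS relying party trust using the parameters Set-AdfsRelyingPartyTrust actually exposes (-AccessControlPolicyName on AD FS 2016 and later, -AdditionalAuthenticationRules on AD FS 2012 R2), checks that an additional authentication provider is registered first, reads the trust back to confirm, and, because the per-user StrongAuthenticationMethods collection is a property of the Azure AD (MSOnline) user rather than of the relying party trust, also shows how to change a user's default method without unregistering the others. Assumptions: it runs on an AD FS server with the ADFS module; the MSOnline part needs the (now deprecated) MSOnline module and a prior Connect-MsolService; "RelyingPartyName" and "user@example.com" are placeholders.

```powershell
# Added example, not from the original answer. Assumes the ADFS module on an AD FS server
# and, for the MSOnline part, Import-Module MSOnline + Connect-MsolService already done.
# "RelyingPartyName" and "user@example.com" are placeholders.

function Set-AdfsRelyingPartyRequireMfa {
    param([Parameter(Mandatory)] [string] $RelyingPartyName)

    Import-Module ADFS -ErrorAction Stop

    # Caveat: a rule or policy that demands MFA fails every sign-in if no additional
    # authentication provider is enabled in the global authentication policy.
    $policy = Get-AdfsGlobalAuthenticationPolicy
    if (-not $policy.AdditionalAuthenticationProvider) {
        throw "No additional authentication provider is enabled; register one before requiring MFA."
    }

    if (Get-Command Get-AdfsAccessControlPolicy -ErrorAction SilentlyContinue) {
        # AD FS 2016 and later: built-in access control policy.
        Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName `
            -AccessControlPolicyName "Permit everyone and require MFA"
    } else {
        # AD FS 2012 R2: an additional authentication rule that issues the multipleauthn claim.
        $requireMfaRule = '=> issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");'
        Set-AdfsRelyingPartyTrust -TargetName $RelyingPartyName `
            -AdditionalAuthenticationRules $requireMfaRule
    }

    # Read the trust back and confirm the setting landed before trusting it.
    $rp = Get-AdfsRelyingPartyTrust -Name $RelyingPartyName
    $enforced = ($rp.AccessControlPolicyName -eq "Permit everyone and require MFA") -or
                ($rp.AdditionalAuthenticationRules -match 'multipleauthn')
    if (-not $enforced) {
        throw "MFA is not enforced on relying party '$RelyingPartyName'"
    }
    return $rp
}

function Set-MsolDefaultMfaMethod {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        # MethodType values: OneWaySMS, TwoWayVoiceMobile, PhoneAppOTP, PhoneAppNotification
        [Parameter(Mandatory)] [string] $MethodType
    )

    # StrongAuthenticationMethods belongs to the MSOL user, not to an AD FS trust.
    # Set-MsolUser replaces the whole collection, so flip IsDefault on the existing
    # entries instead of passing a single new method (that would unregister the rest).
    $user    = Get-MsolUser -UserPrincipalName $UserPrincipalName
    $methods = @($user.StrongAuthenticationMethods)
    if (-not ($methods | Where-Object MethodType -eq $MethodType)) {
        throw "$UserPrincipalName has not registered $MethodType; the user must enrol it first."
    }
    foreach ($m in $methods) {
        $m.IsDefault = ($m.MethodType -eq $MethodType)
    }
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationMethods $methods
    return $methods
}

# Usage (placeholders):
Set-AdfsRelyingPartyRequireMfa -RelyingPartyName "RelyingPartyName"
Set-MsolDefaultMfaMethod -UserPrincipalName "user@example.com" -MethodType "PhoneAppNotification"
```

The provider check matters in practice: on a farm where Azure MFA or a third-party adapter has not been registered, requiring MFA on a trust locks every user out of that application rather than prompting them.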