Today I'm back with ADFS. The other day I needed to configure ADFS with Azure MFA for a client.

In this case, I first configured the ADFS farm (in my case with WS2016), and then I was ready to configure Azure MFA in the authentication methods for the Intranet and Extranet.

Why? Because it was a requirement for the project that all internal users use MFA in order to authenticate to O365.

As you know, if you have E1 or E3 licenses, you can use Azure MFA by default; it is not necessary to purchase extra licenses in order to use this service. Thus we can integrate this with ADFS in a few very simple (but tricky) steps.

**First point to take into account**

For the record, you will need to use the Connect-MSolService cmdlet, so be sure that you have installed the PowerShell modules on your server.

Once you have installed this, you need to execute the following commands:

    # Run on the ADFS server after Connect-MsolService; $tenantID is your Azure AD tenant ID.
    $certBase64 = New-AdfsAzureMfaTenantCertificate -TenantID $tenantID
    New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64

You can check the info in the following article:

But in my case, every time I was executing the command New-MSOLServicePrincipalCredential, I was receiving an error saying: “Principal Service was not found”. I double-checked if I was Global Admin in the O365 and Azure subscription and I was!! So… what the hell does that error mean?

It means that you don’t have the SPN for Azure MFA registered, and solving this is very simple: you can purchase a trial of Azure MFA (P1, P2, EMS, or whatever plan where Azure MFA is included) and assign a license to one user. For example, in my case, I assigned the license to the test users.

After doing this, I needed to wait a couple of minutes and then I executed the PS commands that I showed before again… and bang!! I was able to register Azure MFA as an authentication method in the ADFS server.

I think that the short story is that using the new ADFS adapter requires MFA licenses. It seems that you will not see “Azure Multi-Factor Auth Client” in the list of MSOL Service Principals until you have at least one account with an MFA license on your tenant.
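
One way to guard the registration step against the “Principal Service was not found” error described in this post, as an added PowerShell example that is not the author's own script. The function name `Register-AdfsAzureMfaCertificate` and the `<your-tenant-id>` placeholder are assumptions; it is meant to run on the ADFS server with the MSOnline module installed.

```powershell
#Requires -Modules MSOnline
# Added example (not from the original post): check for the service principal
# before registering the certificate, then list what is registered on it.

# AppPrincipalId of the "Azure Multi-Factor Auth Client", as given in the post.
$AzureMfaClientAppId = '981f26a1-7f43-403b-a875-f8b09b8cd720'

function Register-AdfsAzureMfaCertificate {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$TenantId    # your Azure AD tenant ID
    )

    # Pre-flight: is the service principal present in the tenant yet?
    try {
        $sp = Get-MsolServicePrincipal -AppPrincipalId $AzureMfaClientAppId -ErrorAction Stop
    } catch {
        $sp = $null
    }
    if (-not $sp) {
        Write-Warning ("Service principal $AzureMfaClientAppId was not found. " +
            "Per the post: assign an Azure MFA license to at least one user, " +
            "wait a few minutes, then run this again.")
        return $false
    }

    # The same two commands as in the post, in dependency order.
    $certBase64 = New-AdfsAzureMfaTenantCertificate -TenantID $TenantId
    New-MsolServicePrincipalCredential -AppPrincipalId $AzureMfaClientAppId `
        -Type Asymmetric -Usage Verify -Value $certBase64 | Out-Null

    # Show the key credentials now on the principal (without key material),
    # so expired or unexpected certificates stand out during review.
    Get-MsolServicePrincipalCredential -AppPrincipalId $AzureMfaClientAppId -ReturnKeyValues $false |
        Select-Object KeyId, Type, Usage, StartDate, EndDate |
        Format-Table -AutoSize | Out-Host

    return $true
}

Connect-MsolService    # interactive sign-in with a Global Admin account
Register-AdfsAzureMfaCertificate -TenantId '<your-tenant-id>'    # placeholder value
```

Re-running the function adds another credential each time, so the listing at the end is also the place to spot entries that should be cleaned up.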