Forum Discussion
Chris Kincaid
Feb 17, 2020Copper Contributor
ADFS 2016 & Multiple MFA providers
Currently running ADFS 2016 with Duo as our MFA provider. We are planning to move to O365 MFA, and would like to do it in a phased migration. A quick test shows that if both providers are selected in the configuration, the user is prompted to select which provider to use. Two questions, 1) is there a way to customize this selection screen? and 2) is there a way to define which provider a user is taken to based on group membership in AD? Thanks.
- Carl_C_RaymondCopper Contributor
Chris KincaidThe best way I've found is to upgrade to ADFS 2019, raise the FBL, and then follow advice from https://docs.microsoft.com/answers/questions/18531/adfs-2019-multiple-mfa-provider-selection-on-rp.html
Depends, you might be able to force a specific method via claims rules (see for example here: https://dirteam.com/sander/2017/01/16/forcing-the-use-of-a-specific-azure-multi-factor-authentication-method-for-a-relying-party-trust-in-ad-fs/), but if multiple providers use the same method, you'll have to edit the aspx/js files.