Forum Discussion
Is it possible to implement captcha on ADFS sing-in form page ?
We are currently experiencing frequent account lockouts from our ADFS servers. We have tracked the offending authentication attemps to other countries. We have tried working with MS portal support, but did not get any where.
We also have adjusted out ADFS Extranet lockout settings to no availe.
We too are wondering about:
- MFA first for external authentication (having it second still allows multiple bad attempts)
- Possible use of CAPTCHA (or something similar)
- Setting some kind of geo-location limits to authentication
- Pié
Microsoft
Note that ADFS 2016 supports Azure MFA as a primary factor for authentication:
- Configure AD FS 2016 and Azure MFA https://docs.microsoft.com/en-ca/windows-server/identity/ad-fs/operations/configure-ad-fs-2016-and-azure-mfa
ADFS 2016 also support Windows Hello for Buisness as primary authentication too.
You can also use certificate based authentication as a primary factor for external authentication. This works since ADFS 2.0.
Setting up limits on geographical location can be done thorugh web application firewall like Incapsula.
You can check https://www.incapsula.com/
If the MFA prompt was before the auth however, end users would be getting endless prompts on their devices. Not sure that is a alternative I would advocate.
