Forum Discussion

brentmattson's avatar
brentmattson
Brass Contributor
Mar 21, 2019
Solved

We use ADFS for SSO, can we use Azure conditional access policies for apps other than Office365?

We have apps like Salesforce, Concur etc.. that we may like to put some conditional access policies around (force MFA, deny access based on location etc) .  We use on prem ADFS 3.0 to authenticate wi...
Access Management
Identity Management
  • Shawn Beckers's avatar
    Shawn Beckers
    Mar 21, 2019

    brentmattsonYour non-O365 apps which utilize ADFS for authentication won't be able to use the Azure AD CA policies.  You'll need to set up access control policies within ADFS for them since the auth requests for those apps don't touch Azure AD.

LivinO365's avatar
LivinO365
Copper Contributor
Oct 02, 2019

I thought the same thing until I stumbled on this article.  Is this a typo or is there a way to configure CA with ADFS?

 

https://docs.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn

Comparing methods

Consideration Password hash synchronization + Seamless SSO Pass-through Authentication + Seamless SSOFederation with AD FS
What are the Conditional Access options?https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overviewhttps://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overviewhttps://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

https://adfshelp.microsoft.com/AadTrustClaims/ClaimsGenerator

Resources