Mar 21 2019 07:37 AM - last edited on Jul 27 2020 06:45 PM by TechCommunityAP
We have apps like Salesforce, Concur, etc. that we may like to put some conditional access policies around (force MFA, deny access based on location, etc.). We use on-prem ADFS 3.0 to authenticate with those apps as well as Office 365. Are we able to only use the custom rules inside of ADFS to grant\deny access, or could we somehow extend those apps to be able to use Azure conditional access like Office 365 is able to, even though we authenticate via ADFS?
Mar 21 2019 10:49 AM
Solution: @brentmattson Your non-O365 apps which utilize ADFS for authentication won't be able to use the Azure AD CA policies. You'll need to set up access control policies within ADFS for them since the auth requests for those apps don't touch Azure AD.
Oct 02 2019 10:28 AM
I thought the same thing until I stumbled on this article. Is this a typo or is there a way to configure CA with ADFS?
https://docs.microsoft.com/en-us/azure/security/fundamentals/choose-ad-authn
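The accepted answer points to per-application rules inside AD FS. As an added example that is not part of the original thread, this is one way to attach such rules to relying party trusts on AD FS 3.0. The trust names "Salesforce" and "Concur" are assumed, and the MFA rule assumes an additional authentication provider is already enabled in the AD FS global authentication policy.

```powershell
# Added example: per-application MFA and location rules on AD FS 3.0
# (Windows Server 2012 R2). Run on the primary AD FS server.
# Assumption: relying party trusts named 'Salesforce' and 'Concur' exist.
Import-Module ADFS

# Require MFA for Salesforce when the request arrives from outside the
# corporate network (i.e. through the Web Application Proxy).
$mfaOutsideRule = @'
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]
 => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod",
          Value = "http://schemas.microsoft.com/claims/multipleauthn");
'@
Set-AdfsRelyingPartyTrust -TargetName 'Salesforce' `
    -AdditionalAuthenticationRules $mfaOutsideRule

# Allow Concur only from inside the corporate network. This replaces the
# default "permit everyone" authorization rule, so requests that do not
# match receive no permit claim and are denied.
$insideOnlyRule = @'
@RuleName = "Permit only intranet requests"
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "true"]
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@
Set-AdfsRelyingPartyTrust -TargetName 'Concur' `
    -IssuanceAuthorizationRules $insideOnlyRule

# Review what is now enforced on each trust.
Get-AdfsRelyingPartyTrust -Name 'Salesforce', 'Concur' |
    Format-List Name, AdditionalAuthenticationRules, IssuanceAuthorizationRules
```

These rules apply only to the named trusts, so the Office 365 trust and its Azure AD conditional access behaviour are left unchanged.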