ADFS And multiple MFA Providers

Brass Contributor

We are looking at  maybe switching our MFA tokens from one token provider to another. Rather then making that switch all at once we would like to do it a stataged manner.  I am wondering if its possible to control with groups what authentication provider is used for a user if an RP is configured for MFA?


We currently are running ADFS on Windows 2012R2 .

4 Replies
best response confirmed by Matt Karel (Brass Contributor)

You will have to use some custom solution for that, AD FS will display/allow all available MFA methods.

I kind of figured that but figured no harm in asking.  


I have similar requirment. We implement a MFA for ADFS and also use Microsoft MFA solution.

We want to let specific group to use our own MFA and others use Microsoft MFA.

Employee won't want to select which MFA they need since they will be confused. 

Is there more information about how to do it to make the login page automatically select MFA provider for user? 

That you can control with claims rules. Just make sure to send the claim or you will get login loops. 


Look up "SupportsMFA" to get more info, here's one good post: