ADFS Per Relying Party Authentication Method


As we look to deploy ADFS 3.0, or maybe even 4.0 (Server 2016), I was wondering whether we can configure an RP to use FBA instead of the global setting of IWA for internal clients. The reason for this is that as we look to roll out Workday we need to allow all the users to log in with their username/password, as we have several hundred generic workstations used by our clinicians and need to allow them to sign in to Workday with their AD username and password and not that of the generic workstation. As of right now I am thinking of just forcing all internal clients to use FBA, but was wondering if there were any other alternatives.




The FBA/WIA decision is made before the relying party name can be determined. That is to say, you can't specify an authentication method based on relying party.
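As an added illustration of the point above (this is not code from either answer or from Microsoft documentation), the following PowerShell shows what the asker's fallback looks like in practice: the primary intranet authentication provider is a property of the global authentication policy, and `Set-AdfsGlobalAuthenticationPolicy` has no relying-party parameter, which is exactly why the choice cannot be made per RP. The cmdlet and parameter names are the ones shipped with the ADFS module on Server 2012 R2 and 2016; the rollback line and the variable names are my own.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# session on the primary AD FS server (AD FS 3.0 / Server 2012 R2 cmdlets;
# the same cmdlets exist on Server 2016).
Import-Module ADFS

# 1. Record the current global policy so the change can be reverted.
$before = Get-AdfsGlobalAuthenticationPolicy
"Intranet providers before: $($before.PrimaryIntranetAuthenticationProvider -join ', ')"

# 2. The asker's fallback: make forms-based authentication the only primary
#    intranet method, so a shared clinician workstation always gets a
#    username/password prompt instead of silently using the workstation's
#    logged-on account. Note there is no -RelyingPartyTrust parameter here:
#    the setting is global, as the answer above explains.
Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @('FormsAuthentication')

# 3. Verify that WIA is no longer offered to intranet clients.
$after = Get-AdfsGlobalAuthenticationPolicy
if ($after.PrimaryIntranetAuthenticationProvider -contains 'WindowsAuthentication') {
    throw 'WindowsAuthentication is still enabled for intranet clients'
}
"Intranet providers after: $($after.PrimaryIntranetAuthenticationProvider -join ', ')"

# 4. For reference: WIA is only attempted for browsers whose User-Agent matches
#    this list. Trimming it changes behaviour per browser, not per relying party,
#    so it is no substitute for the per-RP control the question asks about.
"WIA user agents: $((Get-AdfsProperties).WIASupportedUserAgents -join '; ')"

# Rollback (WIA first, forms as the fallback), if the change needs to be undone:
# Set-AdfsGlobalAuthenticationPolicy -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication','FormsAuthentication')
```

The check in step 3 matters because `PrimaryIntranetAuthenticationProvider` is an ordered list: leaving `WindowsAuthentication` anywhere in it means domain-joined browsers will still authenticate silently as whoever is logged on to the generic workstation.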


I've seen this method from Kloud implemented with much success in the past, and I reckon it might be just what you need.


In the post above, where it refers to BYOD, you should read that to be your generic workstations.