Active Directory Federation Services (15 topics)

ADFS SSO sign-in as different user
We have federation configured with Azure AD using ADFS with SSO enabled. This is working as expected. However, there is one slight issue for the admin team, who are required to sign in using privileged credentials different from their regular user account. The problem is that ADFS SSO automatically signs the user in as the account logged into Windows. E.g. "User runs a PowerShell command --> authentication prompt comes up --> user enters their privileged ID (different from their regular account) --> user enters their password --> user is signed in as their regular account rather than the privileged account they used at the sign-in screen." Is there a workaround for this issue other than using a non-domain-joined laptop?

Migration from AD FS 2012 to 2019 Prerequisites
Hi Community! We currently have AD FS 2012 R2 for hybrid identity management for our Office 365 users, and we are planning to migrate it to AD FS 2019. I am looking for the prerequisites, but I cannot find a Microsoft document for 2019; I can only find one for 2016. Hope someone can help me with this 🙂

ADFS - Unable to log on with UPN
Hi All, In our development environment we have ADFS 3.0 servers authenticating federated users. Recently, users have been unable to log on using their UPN. sAMAccountName works without issue. For information, the domain and UPN setup is as follows: the internal domain is childdomain.root.int.ac.uk. Users exist in the child domain "childdomain.root.int.ac.uk" but have their UPN changed to username@int.ac.uk. When signing into Office 365 or via ADFS they are able to use their sAMAccountName, but using the UPN gives an "incorrect username or password" error. We see the following error in the ADFS logs:

    Token validation failed.
    Additional Data
    Token Type: http://schemas.microsoft.com/ws/2006/05/identitymodel/tokens/UserName
    Error message:

If they attempt to use the ADFS password change page I see the following error in the logs:

    Password change failed for following user:
    Additional Data
    User: u1234560@int.ac.uk
    Device Certificate:
    Server on which password change was attempted:
    Error details: UserNotFound

Any ideas what might be causing this?

AAD Connect staging mode and ADFS configuration
We are migrating AAD Connect to a new server and have installed the tool using https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-existing-database. However, we are a bit puzzled by the ADFS configuration. The O365 tenant is federated with ADFS. Do we need to configure ADFS settings in the newly installed AAD Connect? If yes, at what point do we do that: when we disable staging mode, or is this something that can be done with staging mode enabled?

Azure B2C as a Claims Provider to ADFS 2016 to use with federated partners
Hi, A bit of an interesting use case here: we're looking at leveraging an Azure B2C directory as another claims provider in ADFS 2016 to access a federated party's resources over a federation trust set up with their ADFS system. I've been checking on resources and there's nothing yet that I've found that can help configure this, if it's at all possible, which I'm still trying to validate. I could use IdentityServer v3 or v4 to do the job, but with ADFS 2016 and OpenID Connect support I was hoping we could leverage our existing infrastructure. A tricky one, and hopefully someone's run into something similar before. Thanks.

Multiple federated accounts cannot login to Outlook Desktop
Environment:
- AD FS on-prem
- Exchange Online Hybrid
- Client: domain-bound Windows 10, Office 2016

On the client machine, the user is set up with his mailbox in Outlook. The user also needs to add an additional mailbox in Outlook. When we try to add another account, it does not prompt for credentials and adds the account in Outlook right away. This is happening because the user is logged into the machine with his AD account and AD FS uses those credentials and skips the authentication window, even when we are trying to set up a new account. How can this situation be handled so the user is allowed to set up another account in their Outlook?

Migrate upgraded ADFS farm from WID to SQL
Hi, We have a few ADFS farms that have been upgraded/migrated from ADFS v3 to ADFS v4 in the past. We now want to migrate the WID database to SQL Always On. There are numerous articles describing the migration from WID to SQL, but they all only mention AdfsConfiguration.mdf, whereas in an upgraded farm you also have an AdfsConfigurationV3.mdf (and its respective .ldf). Can we ignore the V3 files, or do we need to migrate them too? Please advise! Kind regards, Enrico Klein

How to connect ADFS with OAuth 2.0 protocol
Current environment information: Server OS version: Windows Server 2012 R2, with ADFS installed. I cannot create an OAuth 2.0 authentication request after the ADFS client was added. I use this URL (this domain is for internal network access only, because a firewall is filtering TCP ports 80/443 under the China Telecom government security policy):

    https://adfs.dingplace.com/adfs/oauth2/authorize?client_id=wifidog_authportal&response_type=code&redirect_uri=http%3A%2F%2F172.20.1.6%3A8080%2F~dingstudio%2FwebAuth%2FadfsLogin.php&scope=openid&state=

to request authentication, but ADFS redirects my request to an error page with some error description. How can I make ADFS work correctly, and where is ADFS's resource application programming interface? Before ADFS, my single sign-on solution was CAS or my own auth server. I want a solution to help me.

Need to clean up federated domain
Hi Members, Good day. We have a federated domain in Azure, e.g. fed.dom.lo.com. AD Connect was set up and it had synchronized all the users in our on-prem domain controller to Azure. Assume we had 20k users in the specific OU that was set for the sync. Now, the change that came in would want us to sync only users which have a specific attribute set, i.e. departmentName = xyz, and not all. My doubts are as below:
1. What would happen to the existing users in the Azure federated domain; would there be a clean-up done automatically? E.g. users synced are 20k, but users with the attribute are just 3k.
2. How would we do a clean-up on the Azure domain?
3. Could we delete all the users on the Azure domain and add the inbound sync rule to have the limited users show up again, or is there a better way to achieve this?
Thank you, V
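As an added illustration of the authorization-code request discussed in the "How to connect ADFS with OAuth 2.0 protocol" post above (example code written for this page, not the poster's code and not part of AD FS): the client builds the /adfs/oauth2/authorize URL with a fresh random `state`, validates the redirect back to `redirect_uri` before trusting the code, and prepares the POST to /adfs/oauth2/token that redeems it. The endpoint, `client_id` and `redirect_uri` are taken from the post; the `resource` value `urn:relying-party:wifidog` is a placeholder assumption standing in for whatever relying-party identifier the client is registered against, since AD FS 2012 R2 expects the target relying party in the `resource` parameter. Anything else a deployment needs (for instance `prompt=login`, which AD FS 2016 and later honour to force re-authentication) can be passed through `extra`.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Values taken from the forum post above.
ADFS = "https://adfs.dingplace.com"
CLIENT_ID = "wifidog_authportal"
REDIRECT_URI = "http://172.20.1.6:8080/~dingstudio/webAuth/adfsLogin.php"

# Assumed placeholder: the relying-party identifier the client wants a token for.
RESOURCE = "urn:relying-party:wifidog"


def build_authorize_request(resource=RESOURCE, extra=None):
    """Return (authorize_url, state) for the authorization-code grant.

    The state is a fresh 256-bit random token. Store it server-side (e.g. in
    the user's session) and compare it on the callback: it ties the callback
    to the browser that started the flow and blocks CSRF-style code injection.
    """
    state = secrets.token_urlsafe(32)
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",       # authorization-code grant
        "redirect_uri": REDIRECT_URI,  # must match the URI registered for the client
        "resource": resource,          # relying party the token is for (AD FS 2012 R2)
        "state": state,
    }
    if extra:
        params.update(extra)           # e.g. {"prompt": "login"} on AD FS 2016+
    return f"{ADFS}/adfs/oauth2/authorize?{urlencode(params)}", state


def parse_callback(callback_url, expected_state):
    """Validate the redirect from AD FS and return the authorization code.

    Raises ValueError on an error response, a missing or mismatched state, or
    a missing code; the caller must abort rather than continue the flow.
    """
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        detail = query.get("error_description", [""])[0]
        raise ValueError(f"AD FS returned {query['error'][0]}: {detail}")
    state = query.get("state", [""])[0]
    # Constant-time comparison on bytes; an empty state (as in the post's URL) fails here.
    if not state or not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code


def build_token_request(code):
    """Endpoint and form body for the POST that redeems the code for a token."""
    return f"{ADFS}/adfs/oauth2/token", {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
    }


if __name__ == "__main__":
    url, state = build_authorize_request()
    print("send the browser to:", url)
    # Constructed callback, shaped as the browser would return it after sign-in.
    callback = f"{REDIRECT_URI}?code=SAMPLE_CODE&state={state}"
    code = parse_callback(callback, state)
    print("redeem at:", build_token_request(code))
```

Note that the `state` parameter in the post's URL is empty; this example refuses such a callback, because without a stored, per-session state the client cannot tell its own redirect from one an attacker planted.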