How to configure the Multi-factor Authentication (MFA) for AD FS 3.0

This step is must be done by AD FS Management in order to apply ADFS3XLogin MFA rules to the AD FS 3.0. Once installation process has been completed, open AD FS Management snap-in, you will see there are two new MFAs added.

Windows 2012 Server

You can enable/disable these two ADFS3XLogin MFA methods in Global Authentication Policy and click Edit to configure how to apply them so that all RPs must follow the rules.

adfsx-windows-2012-server.png adfsx-windows-2012-server-edit-global-authentication-policy.png

Or you can configure for specific RP (MFA methods must be enabled/disabled in Global Authentication Policy).

adfsx-windows-2012-server-edit-global-authentication-policy-rp.

Windows 2016 Server

You can enable/disable these two ADFS3XLogin MFA methods in Service > Authentication Methods by clicking Edit.

adfsx-windows-2016-server.png

To change how rules are applied, you need to open the specific Relying Party and configure it.

adfsx-windows-2016-server-rp.png

Steps:

  • Select the Relying Party Trusts from the left panel.
  • Select the Relying Party you want to apply ADFS3XLogin MFA rules
  • Select Edit Access Control Policy... from the right panel
  • Select the policy you want to apply, it must be started by Permit everyone and require MFA.