Complete this task to enable Integrated Windows Authentication (IWA) on Active Directory Federation Services (ADFS) 3.0 or 4.0.

Procedure

1. On the ADFS server, run PowerShell as administrator.

2. Use the following PowerShell commands to view the current ADFS settings:

$FormatEnumerationLimit=-1Get-ADFSProperties

Set-ADFSProperties –ExtendedProtectionTokenCheck None

Set-ADFSProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "Firefox/25.0", "Firefox/47.0", "Mozilla/4.0", "Mozilla/5.0")

$FormatEnumerationLimit=-1Get-ADFSProperties

• For ADFS 4.0:
  
  a. Open ADFS Management.

  b. Click Service -> Authentication Methods.

  c. Click Edit Primary Authentication Methods.

  d. In the Primary authentication tab, intranet section, select Windows Authentication. Optionally select Forms Authentication. Forms Authentication allows users who cannot use IWA, such as Linux and Mac users, to authenticate with SAML.

• For ADFS 3.0:
  
  a. Open ADFS Management.

  b. Click Authentication Policies.

  c. Click Edit Global Primary Authentication.

  d. In Primary Authentication, Global Settings, Authentication Methods, clickEdit.

  e. In the intranet section, select Windows Authentication. Optionally selectForms Authentication. Forms Authentication allows users who cannot use IWA, such as Linux and Mac users, to authenticate with SAML.

Parent topic: Enabling IWA (ADFS only)

Related tasks
Creating ADFS service principal names (SPNs)
Enabling Integrated Windows Authentication on ADFS 2.0
Configure browsers for Integrated Windows Authentication

Help on Help

All Help Contents

Help on Help