This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Can you grant read-only access to ADFS Management Application? Or export relying party configs for review?

Question
0

Sign in to vote

I have been asked to see if I can find a way to grant our security team read-only access to out ADFS environment. They wish to review the relying partner trust settings, etc. Can this be done? If not can we export the relying trust party configs and other settings so they can review all the settings?

Many thanks in advance!

Tuesday, January 30, 2018 1:28 AM

All replies

0

Sign in to vote

Hello,

I am not sure you can grant just read only access. Because you may need to give them RDP access to the adfs server.

Yes you can export the Relying part through powershell

Get-AdfsRelyingPartyTrust

this will display all the RP and you can output to csv or txt

Isaac Oben MCITP:EA, MCSE,MCC <a href="https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard"> View my MCP Certifications</a>

Thursday, February 1, 2018 7:23 AM
0

Sign in to vote

You can export to an XML file which contain all RPs and rules

get-adfsrelyingpartytrust | Export-Clixml XXXX.xml

Saturday, February 3, 2018 7:19 AM
0

Sign in to vote

You can do it through Just Enough Admin. I have a example on GitHub (but not public yet). Let me know if you want to test it.
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Monday, February 5, 2018 1:47 PM
0

Sign in to vote
Hi Pierre,

Thoughts on when you may release your JEA stuff by chance? Thanks
- Edited by djeinck Tuesday, December 4, 2018 4:55 PM
Tuesday, December 4, 2018 4:50 PM