Can you grant read-only access to ADFS Management Application? Or export relying party configs for review?

  • Question

  • I have been asked to see if I can find a way to grant our security team read-only access to our ADFS environment. They wish to review the relying partner trust settings, etc. Can this be done? If not, can we export the relying trust party configs and other settings so they can review all the settings?

    Many thanks in advance!

    Tuesday, January 30, 2018 1:28 AM

All replies

  • Hello,

    I am not sure you can grant just read-only access, because you may need to give them RDP access to the ADFS server.

    Yes, you can export the relying party through PowerShell:

    Get-AdfsRelyingPartyTrust 

    This will display all the RPs, and you can output to CSV or TXT.


    Isaac Oben MCITP:EA, MCSE, MCC

    Thursday, February 1, 2018 7:23 AM
  • You can export to an XML file which contains all RPs and rules:


    Get-AdfsRelyingPartyTrust | Export-Clixml XXXX.xml

    Saturday, February 3, 2018 7:19 AM
  • You can do it through Just Enough Admin. I have an example on GitHub (but not public yet). Let me know if you want to test it.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, February 5, 2018 1:47 PM
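
One way to build the Just Enough Administration endpoint suggested above, as an added example (not the poster's unreleased GitHub code). The group `CONTOSO\ADFS-Reviewers`, the module name `AdfsReadOnlyJea`, the endpoint name `AdfsReview` and the transcript path are placeholders, and it assumes Windows PowerShell 5.1 run elevated on the AD FS server.

```powershell
# Added example: a JEA endpoint that exposes only read-only AD FS cmdlets.
# All names below are hypothetical placeholders; adjust before use.
$moduleName    = 'AdfsReadOnlyJea'
$modulePath    = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$moduleName"
$rolePath      = Join-Path $modulePath 'RoleCapabilities'
$transcriptDir = 'C:\ProgramData\JEA\AdfsReview\Transcripts'
$reviewerGroup = 'CONTOSO\ADFS-Reviewers'   # placeholder AD group for the security team

# In PowerShell 5.1 a role capability is found by name only if its .psrc file
# sits in a RoleCapabilities folder inside a valid module on PSModulePath.
New-Item -ItemType Directory -Path $rolePath -Force | Out-Null
New-Item -ItemType Directory -Path $transcriptDir -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modulePath "$moduleName.psd1")

# Role capability: list the Get-* cmdlets explicitly instead of a wildcard so
# that nothing which changes configuration (Set-, Add-, Remove-) is reachable.
New-PSRoleCapabilityFile -Path (Join-Path $rolePath 'AdfsReviewer.psrc') `
    -ModulesToImport 'ADFS' `
    -VisibleCmdlets 'Get-AdfsRelyingPartyTrust',
                    'Get-AdfsClaimsProviderTrust',
                    'Get-AdfsProperties',
                    'Get-AdfsEndpoint'

# Session configuration: RestrictedRemoteServer gives a NoLanguage session with
# a minimal default command set; the virtual account supplies the local rights
# the AD FS cmdlets need, so reviewers are never added to an admin group.
$sessionFile = Join-Path $env:TEMP 'AdfsReview.pssc'
New-PSSessionConfigurationFile -Path $sessionFile `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $transcriptDir `
    -RoleDefinitions @{ $reviewerGroup = @{ RoleCapabilities = 'AdfsReviewer' } }

# Validate the file, then register the endpoint (this restarts WinRM).
if (-not (Test-PSSessionConfigurationFile -Path $sessionFile)) {
    throw "Session configuration file failed validation: $sessionFile"
}
Register-PSSessionConfiguration -Name 'AdfsReview' -Path $sessionFile -Force

# Check which commands a given reviewer would actually see (placeholder user).
Get-PSSessionCapability -ConfigurationName 'AdfsReview' -Username 'CONTOSO\reviewer1'
```

Reviewers then connect with `Enter-PSSession -ComputerName <adfs-server> -ConfigurationName AdfsReview` without needing RDP or administrator membership, and every session is recorded in the transcript directory.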
  • Hi Pierre,

    Thoughts on when you may release your JEA stuff by chance?  Thanks

    • Edited by djeinck Tuesday, December 4, 2018 4:55 PM
    Tuesday, December 4, 2018 4:50 PM