locked
Authentication policy locations RRS feed

  • Question

  • I am wondering how ADFS sets or uses to determine the locations. The Intranet and Extranet locations do not seem to affect machines internally.

    In Authentication Policy, if I set Extranet location or Unregistered devices, I get MFA prompt from outside.

    If I just select Intranet location, I do not get MFA prompt from outside. This tells me the Extranet location works from outside.

    Selecting all or any options, I cannot get MFA prompt from inside.  

    Wednesday, October 31, 2018 9:13 AM

All replies

  • Extranet policy = the connexion is coming through a WAP server, the WAP servers add some headers and the ADFS servers will know it's coming from them.

    Intranet policy = the connexion is hitting directly ADFS servers, no WAP involved.


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, November 1, 2018 12:47 AM
  • Hi , Thanks for that.

    I am not getting a MFA prompt from inside. How can I diagnose where this is going wrong?

    Thursday, November 1, 2018 1:38 AM
  • Can you share your policies details?


    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, November 1, 2018 2:56 AM
  • Hi

    Does this cover what you are looking for?

    Thursday, November 1, 2018 3:12 AM