ADFS 2016 with Azure MFA prompted twice for Office 365

  • Question

  • I've recently migrated from ADFS3 (Server 2012 R2) to ADFS4 (Server 2016).

    Following a successful migration, I enabled the Azure MFA option in ADFS4 and set it up as per MS guide.

    Technically it is working but the test users are getting prompted twice for Office 365 sign-ins.

    The user navigates to an Office 365 login page, which redirects to internal ADFS. After entering their password, they get an MFA request with the ADFS backdrop, which, when successful, redirects to another MFA request with the Office 365 backdrop.

    I think this is happening because in ADFS I have MFA required enabled and on Office 365 too BUT ADFS MFA won't work without Office 365 being enabled... unless I'm doing something wrong.

    Shouldn't ADFS be telling Office 365 it's already authenticated so no need to ask again?

    Any advice is appreciated.

    Monday, June 19, 2017 10:05 PM

Answers

  • Well, after a sweaty night's sleep, figured out it was user error.

    I changed SupportsMfa in Set-MsolDomainFederationSettings to $false; it was $true originally but pretty sure I read that it needs to be false for Azure MFA to work... just can't find where I read that now, d'oh!


    Tuesday, June 20, 2017 8:59 AM

All replies

  • Thanks for sharing!

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Tuesday, June 20, 2017 4:38 PM
    Owner