ADFS2012R2: Authentication Policies - Certificate AuthN RRS feed

  • Question

  • I am looking for more details on certificated based authentication schemes supported in ADFS2012 R2. Certificate authentication is listed under both Primary and MFA but what's the difference between the two? Thanks.

    Anu Melkote

    Monday, March 14, 2016 4:49 PM


  • The only thing to know is that primary authentication is always performed whereas the MFA is triggered based (you pick what are the triggers, could be group membership, whether the user is connected locally or externally, or based on the value of any other claims available for the ADFS after a successful auth).

    So you have MFA only after primary.

    If you pick Certificates for primary, and leave the Forms, the user will have the choice between typing its username/password or select a certificate from its local store.

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Monday, March 14, 2016 7:34 PM