ADFS 4.0 Third Party MFA (USB) - Without Azure MFA

  • Question

  • Hi There,

    I've installed a brand new ADFS 4.0 architecture.

    One of our goals is for a specific Party Trust to use a USB key for MFA (a Yubikey). I read everywhere about Azure MFA, but I don't want to use this solution.

    I just want to use this USB key (PIN code) as second-factor authentication.

    Does anyone know if it's possible with ADFS on Windows Server 2016? (To be honest, it's very complicated to find information on this.)

    Thanks for your help.


    Tuesday, January 8, 2019 3:24 PM


  • I believe that at least some Yubikey devices can emulate a smartcard, so perhaps you could do that and configure certificates as the second-factor authentication.

    My guess, though, is that you're expecting to be able to use the Yubikey as a U2F-type device and not deal with all the headaches that a smartcard rollout can entail. In which case, I don't know of a way to use it as the second factor out of the box. You don't have to use Azure MFA specifically, but you'll need some 3rd-party MFA solution that integrates with ADFS to handle the authentication, token enrollment, etc. If you already have an MFA product for your VPN, SSH, desktops, or similar, they probably have an adapter to integrate with ADFS.

    • Marked as answer by pmerigot Friday, February 15, 2019 1:53 PM
    Wednesday, January 9, 2019 4:35 PM
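
The certificate route suggested in the answer, sketched as an added example that is not part of the original thread: it enables AD FS's built-in certificate authentication as an additional (second-factor) method and requires MFA on a single relying party trust. The trust name is a placeholder, and the sketch assumes the key already holds a smartcard certificate issued by a CA the AD FS servers trust and mapped to the user's AD account.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on the primary AD FS server (Windows Server 2016).
Import-Module ADFS

# Assumption: display name of the relying party trust that must require the key.
$rpName = 'Contoso App (placeholder)'

# 1. Enable certificate authentication as an additional authentication provider,
#    keeping any additional providers that are already enabled.
$policy    = Get-AdfsGlobalAuthenticationPolicy
$providers = @($policy.AdditionalAuthenticationProvider) + 'CertificateAuthentication' |
             Where-Object { $_ } | Select-Object -Unique
Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider $providers

# 2. Require MFA for this one trust only, using the built-in access control policy.
#    Other trusts keep their current policy.
$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }
Set-AdfsRelyingPartyTrust -TargetName $rpName `
    -AccessControlPolicyName 'Permit everyone and require MFA'

# 3. Verify the result.
(Get-AdfsGlobalAuthenticationPolicy).AdditionalAuthenticationProvider
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, AccessControlPolicyName
```

With this in place, users of that trust are prompted for a client certificate after primary authentication, and the smartcard middleware asks for the key's PIN.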