Hello

I've set an additional rule to my ADFS authenticaiton (MFA) but now I dont know how to disable it.
Any thoughts?
When I try to use the GUI, I get a message that an MFA rule was set in MS shell and thus should be controlled through shell as well.

The command I used is:

Set-AdfsAdditionalAuthenticationRule AdditionalAuthenticationRules 'EXISTS([Type == "http://
schemas.microsoft.com/ws/2012/01/insidecorporatenetwork", Value == "false"]) && EXISTS([Type == "http://schemas.microsof
t.com/2012/01/requestcontext/claims/x-ms-endpoint-absolute-path", Value == "/adfs/ls/"]) => issue(Type = "http://schemas
.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleau
thn");'

Thanks

Hi,

I didnt find any PowerShell command to disable or remove the additional authentication rule, I suggest you use AD FS Management to manage Authentication Policies.

More information for you:

Configuring Authentication Policies

http://technet.microsoft.com/en-us/library/dn486781.aspx

Best Regards,

Amy

Thank you for your reply Amy. It is helpful link but still didn't solve my issue.

I can't edit anything in the GUI after changing it in Shell. I need to find a way to disable the rule in order to be able to use the GUI again.....

Hi,

Please ensure that you have logged on using domain administrator account.

I suggest you also refer to this dedicated ADFS forum below to see if experts there have more suggestions for you:

Claims based access platform (CBA), code-named Geneva Forum

http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva

Best Regards,

Amy

Hey there. I imagine you got passed this already but I ran in to this issue just today.

For any future people who find this thread, the answer for me was to run:

Set-ADFSAdditionalAuthenticationRules $null

• Proposed as answer by v-joshad 12 hours 56 minutes ago