MFA for Active Directory Federation Services (ADFS) Configuration

You can configure MFA for Active Directory Federation Services (ADFS) properties as required.

Changes to the MFA for ADFS adapter okta_adfs_adapter.json are only loaded on service restart.
Always restart the ADFS service after changing the okta_adfs_adpater.json configuration.

Modify configuration

  1. Using a text editor open c:\Program Files\Okta\Okta MFA Provider\config\okta_adfs_adapter.json.
  2. Make any required changes and save.
  3. Restart the ADFS service.
    1. As administrator open a Microsoft PowerShell.
    2. Execute the command
      Restart-Service adfssrv -Force
    3. Exit PowerShell.

Properties

Admins should avoid changing or otherwise modifying any field not listed here.

Property Description Default

Example
useOIDC When enabled the ADFS adapter will authenticate using Open ID Connect. false “useOIDC”: true
allowNoMfa Allow the user to login without requiring second authenticator(based on the ADFS app policy).
Typically only used during setup and when troubleshooting.		 true

“allowNoMfa”: false