Configure MFA for Active Directory Federation Services (ADFS)

Modify configuration

Edit c:\Program Files\Okta\Okta MFA Provider\config\okta_adfs_adapter.json.
Save the file after making your changes.
Restart the ADFS service.
1. Open a Microsoft PowerShell as an administrator.
2. Enter and run the command: Restart-Service adfssrv -Force
3. Exit PowerShell.

Configuration changes take effect on service restart. Always restart the ADFS service after changing your configuration.

Admins should avoid changing any field not listed in the table that follows.

Property	Description	Default	Example
useOIDC	When enabled, the ADFS adapter authenticates using OpenID Connect.	false	“useOIDC”: true
allowNoMfa	Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy). Used during set-up and when troubleshooting.	true	“allowNoMfa”: false

Property

Description

Default

Example

useOIDC

When enabled, the ADFS adapter authenticates using OpenID Connect.

false

“useOIDC”: true

allowNoMfa

Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy).

Used during set-up and when troubleshooting.

true

“allowNoMfa”: false

Top

Okta Identity Engine is currently available to a selected audience.