Configure MFA for Active Directory Federation Services (ADFS)

This topic describes how to modify the configuration file for multifactor authentication (MFA) for Active Directory Federation Services (ADFS).

Modify the configuration

Edit this file in a text editor:
C:\Users\<adfs_service_account_name>\AppData\Local\Okta\Okta MFA Provider\config\okta_adfs_adapter.json.
Save the file after making your changes.
Restart the ADFS service:
1. Open Microsoft PowerShell as an administrator.
2. Enter and run this command: Restart-Service adfssrv -Force
3. Exit PowerShell.
Restart the ADFS service. Your changes take effect after the restart.

Don't change any field that doesn't appear in this table.

Property	Description	Default	Example
useOIDC	When enabled, the ADFS adapter authenticates using OpenID Connect (OIDC).	false	"useOIDC": true
allowNoMfa	Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy). This property is used during set-up and for troubleshooting.	true	"allowNoMfa": false

Property

Description

Default

Example

useOIDC

When enabled, the ADFS adapter authenticates using OpenID Connect (OIDC).

false

"useOIDC": true

allowNoMfa

Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy).

This property is used during set-up and for troubleshooting.

true

"allowNoMfa": false