Configure MFA for Active Directory Federation Services (ADFS)

This topic describes how to modify the configuration file for multifactor authentication (MFA) for Active Directory Federation Services (ADFS).

Modify the configuration

Edit this file in a text editor:
C:\Users\<adfs_service_account_name>\AppData\Local\Okta\Okta MFA Provider\config\okta_adfs_adapter.json.
Save the file after making your changes.
Restart the ADFS service:
1. Open Microsoft PowerShell as an administrator.
2. Enter and run this command:
```
Restart-Service adfssrv -Force
```
3. Exit PowerShell.
Restart the ADFS service. Your changes take effect after the restart.

Properties of the configuration file

CAUTION:

Don't change any field that doesn't appear in this table.

Property

Description

Default

Property	Description	Default	Example
`useOIDC`	When enabled, the ADFS adapter authenticates using OpenID Connect (OIDC).	`false`	`"useOIDC": true`
`allowNoMfa`	Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy). This property is used during set-up and for troubleshooting.	`true`	`"allowNoMfa": false`

Example

useOIDC

When enabled, the ADFS adapter authenticates using OpenID Connect (OIDC).

false

"useOIDC": true

allowNoMfa

Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy).

This property is used during set-up and for troubleshooting.

true

"allowNoMfa": false