Configure MFA for Active Directory Federation Services (ADFS)

Modify configuration

  1. Edit c:\Program Files\Okta\Okta MFA Provider\config\okta_adfs_adapter.json.
  2. Save the file after making your changes.
  3. Restart the ADFS service.
    1. Open Microsoft PowerShell as an administrator.
    2. Enter and run the command: Restart-Service adfssrv -Force
    3. Exit PowerShell.

Configuration changes take effect on service restart. Always restart the ADFS service after changing your configuration.

Properties

Admins should avoid changing any field not listed in the table that follows.

| Property | Description | Default | Example |
| --- | --- | --- | --- |
| useOIDC | When enabled, the ADFS adapter authenticates using OpenID Connect. | false | "useOIDC": true |
| allowNoMfa | Allow the user to sign in without requiring a second authenticator (based on the ADFS app policy). Used during set-up and when troubleshooting. | true | "allowNoMfa": false |
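
The following script is an added example, not Okta's own code. It covers the "Modify configuration" steps and the Properties table: it checks the edited file before the restart and reports the effective value of the two documented properties. It assumes both properties are top-level keys in the JSON file; the `-Restart` switch and variable names are illustrative.

```powershell
# Added example: validate okta_adfs_adapter.json after editing, then restart ADFS.
# Assumption: useOIDC and allowNoMfa are top-level keys in the file.
[CmdletBinding()]
param(
    [string]$ConfigPath = 'C:\Program Files\Okta\Okta MFA Provider\config\okta_adfs_adapter.json',
    [switch]$Restart   # restart adfssrv only when requested and only if the checks pass
)

# Defaults as listed in the Properties table; applied when a key is absent.
$documentedDefaults = [ordered]@{ useOIDC = $false; allowNoMfa = $true }

# 1. Stop on a file that is not valid JSON, so an editing mistake is caught
#    before the service is restarted with it.
try {
    $config = Get-Content -LiteralPath $ConfigPath -Raw -ErrorAction Stop |
        ConvertFrom-Json -ErrorAction Stop
} catch {
    Write-Error "Cannot parse ${ConfigPath}: $($_.Exception.Message)"
    exit 1
}

# 2. Resolve the effective value of each documented property and reject
#    non-boolean values such as the string "false".
$effective = [ordered]@{}
foreach ($name in $documentedDefaults.Keys) {
    $prop = $config.PSObject.Properties[$name]
    if ($null -eq $prop) {
        $effective[$name] = $documentedDefaults[$name]
    } elseif ($prop.Value -is [bool]) {
        $effective[$name] = $prop.Value
    } else {
        Write-Error "$name must be true or false, found: $($prop.Value)"
        exit 1
    }
    Write-Output ("{0} = {1}" -f $name, $effective[$name])
}

# 3. Flag the set-up/troubleshooting setting if it is still in effect.
if ($effective.allowNoMfa) {
    Write-Warning 'allowNoMfa is true: sign-in without a second authenticator is allowed.'
}

# 4. Changes take effect only after the ADFS service restarts.
if ($Restart) {
    Restart-Service adfssrv -Force
    Get-Service adfssrv | Select-Object Name, Status
}
```

Run it from an elevated PowerShell session; without `-Restart` it only reads and reports, which makes it usable as a periodic check that `allowNoMfa` has not been left at its default.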