ADFS – Extranet Smart Lockout (ESL)

Since June 2018, There is this new feature for your AD FS 2016 infrastructure called Extranet Smart Lockout (ESL). The feature is similar to the one present in the Azure cloud called Azure AD Smart Lockout. The feature let you differentiate between sign-in attempts that look like they're from the valid user and sign-ins from what may … Continue reading ADFS – Extranet Smart Lockout (ESL)

ADFS – How-to federate with a customer

What is ADFS ? It’s a web service that authenticates your users to Active Directory while also simultaneously providing them access to some claims-aware application (i.e. Office 365). Many times, these applications are typically used through the client’s web browser. The applications can be on-premises, off-premises, or even hosted by other companies. It doesn’t really … Continue reading ADFS – How-to federate with a customer

ADFS – OpenID Connect Configuration

Create a new application group in ADFS with the following configuration : Standalone application > Server application Set a name that will define your application Hit next and copy the client identifier to a notepad, you will need it later. The redirect URI is the server local URI you will use to test your application … Continue reading ADFS – OpenID Connect Configuration

ADFS – Web Application Proxy 2016 Installation & Configuration

Prepare two Windows 2016 servers with Windows Updates. Dont join them to the domain. Installing Web Application Proxy Let’s fire up the Add Roles Wizard from Server Manager As noted in the previous post, there is no longer a separate AD FS proxy role in Windows 2016.  The Remote Access feature provides VPN, Direct Access … Continue reading ADFS – Web Application Proxy 2016 Installation & Configuration

ADFS – Active Directory Federation Services 2016 Installation & Configuration

Install and prepare two servers (adfs01/ 2016 with windows updates and join them to your domain. Determine the namespace that you will use for your ADFS ( Follow up the next step for completion. Service accounts As recommended by Microsoft,  a Group Managed Service Account (gMSA) has been created for managing the ADFS service. Specify … Continue reading ADFS – Active Directory Federation Services 2016 Installation & Configuration