Table of contents
TLS
TOC
Collapse the table of content
Expand the table of content

Set-AdfsGlobalAuthenticationPolicy

Brian Lich|Last Updated: 3/8/2017

SYNOPSIS

Modifies the AD FS global policy.

SYNTAX

Set-AdfsGlobalAuthenticationPolicy [-AdditionalAuthenticationProvider <String[]>]
 [-DeviceAuthenticationEnabled <Boolean>] [-DeviceAuthenticationMethod <DeviceAuthenticationMethod>]
 [-AllowDeviceAuthAsPrimaryForDomainJoinedDevices <Boolean>]
 [-PrimaryExtranetAuthenticationProvider <String[]>] [-PrimaryIntranetAuthenticationProvider <String[]>]
 [-WindowsIntegratedFallbackEnabled <Boolean>] [-ClientAuthenticationMethods <ClientAuthenticationMethod>]
 [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Set-AdfsGlobalAuthenticationPolicy cmdlet modifies the Active Directory Federation Services (AD FS) global policy. You can also use the cmdlet to enable an external provider in the global policy.

EXAMPLES

Example 1: Set the primary extranet authentication policy

PS C:\> Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider @('FormsAuthentication', 'CertificateAuthenticaton')

This command sets the primary extranet authentication policy to forms-based or certificate-based authentication. In this case, the user is provided a choice when the user logs on to an application protected by AD FS from the extranet.

Example 2: Enable an additional authentication provider

PS C:\> Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider "A1ExternalAuthProvider"

This command enables the provider named A1ExternalAuthProvider as an additional authentication provider in the global policy. Note that the value provided for the AdditionalAuthenticationProvider parameter corresponds to the value you provide for the Name parameter in the Register-AdfsAuthenticationProvider cmdlet, and to the Name property in the output from the Get-AdfsAuthenticationProvider cmdlet.

PARAMETERS

-AdditionalAuthenticationProvider

Specifies an array of names of external authentication providers to add to the global policy.

Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

Type: String[]
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AllowDeviceAuthAsPrimaryForDomainJoinedDevices

Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

Type: Boolean
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ClientAuthenticationMethods

Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

Type: ClientAuthenticationMethod
Parameter Sets: (All)
Aliases: 
Accepted values: None, ClientSecretPostAuthentication, ClientSecretBasicAuthentication, PrivateKeyJWTBearerAuthentication, WindowsIntegratedAuthentication

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-DeviceAuthenticationEnabled

Specifies whether device authentication is enabled for the global policy.

Type: Boolean
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DeviceAuthenticationMethod

Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

Type: DeviceAuthenticationMethod
Parameter Sets: (All)
Aliases: 
Accepted values: All, ClientTLS, SignedToken

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrimaryExtranetAuthenticationProvider

Specifies an array of names of authentication providers for the primary extranet to add to the global policy.

Type: String[]
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PrimaryIntranetAuthenticationProvider

Specifies an array of names of authentication providers for the primary intranet to add to the global policy.

Type: String[]
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-WindowsIntegratedFallbackEnabled

Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet.

Type: Boolean
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

System.Object

NOTES

Get-AdfsGlobalAuthenticationPolicy

Register-AdfsAuthenticationProvider

Get-AdfsAuthenticationProvider

© 2017 Microsoft