Configure Additional Authentication Methods for AD FS
In order to enable multifactor authentication (MFA), you must select at least one extra authentication method. By default, in Active Directory Federation Services (AD FS) in Windows Server, you can select Certificate Authentication (in other words, smart card-based authentication) as an extra authentication method.
Note
If you select Certificate Authentication, ensure that the smart card certificates have been provisioned securely and have pin requirements.
Did you know that Microsoft Azure provides similar functionality in the cloud? Learn more about Microsoft Azure identity solutions.
Create a hybrid identity solution in Microsoft Azure:
- Learn about Microsoft Entra multifactor authentication.
- Manage identities for single-forest hybrid environments using cloud authentication.
- Manage Risk with Additional multifactor authentication for Sensitive Applications.
Microsoft and third-party authentication methods
You can also configure and enable Microsoft and third-party authentication methods in AD FS in Windows Server. Once installed and registered with AD FS, you can enforce MFA as part of the global or per-relying-party authentication policy.
Below is an alphabetical list of Microsoft and third-party providers with MFA offerings currently available for AD FS in Windows Server.
| Provider | Offering | Link to learn more |
|---|---|---|
| Akamai Technologies | Akamai MFA | Integrating Akamai MFA with Microsoft AD FS |
| aPersona | aPersona Adaptive multifactor authentication for Microsoft AD FS SSO | aPersona ASM AD FS Adapter |
| Cyphercor Inc. | LoginTC multifactor authentication for AD FS | LoginTC AD FS Connector |
| Duo Security | Duo MFA Adapter for AD FS | Duo Authentication for AD FS |
| Futurae | Futurae Authentication Suite for AD FS | Futurae Strong Authentication |
| Green Rocket Security | GreenRADIUS MFA Adapter for AD FS | GreenRADIUS MFA for AD FS |
| inWebo Technologies | inWebo Enterprise Authentication service | inWebo Enterprise Authentication |
| Microsoft Corp. | Microsoft Azure MFA | Configure Azure MFA as authentication provider with AD FS |
| Mideye | Mideye Authentication Provider for AD FS | Mideye two-factor authentication with Microsoft Active Directory Federation Service |
| Okta | Okta MFA for Active Directory Federation Services | Okta MFA for Active Directory Federation Services (AD FS) |
| One Identity | Defender AD FS | Defender AD FS Adapter |
| Ping Identity | PingID MFA Adapter for AD FS | PingID MFA Adapter for AD FS |
| RSA | RSA SecurID Authentication Agent for Microsoft Active Directory Federation Services | RSA SecurID Authentication Agent for Microsoft Active Directory Federation Services |
| SecureMFA | SecureMFA OTP Provider | AD FS multifactor authentication Providers |
| Swisscom | Mobile ID Authentication Service and Signature Services | Mobile ID Authentication Service |
| Symantec | Symantec Validation and ID Protection Service (VIP) | Symantec Validation and ID Protection Service (VIP) |
| Thales | SafeNet Trusted Access (STA) | Authentication with AD Federation Services |
| Trusona | Essential (passwordless MFA) and Executive (Essential + Identity Proofing) | Trusona multifactor authentication |
Custom Authentication Method for AD FS in Windows Server
We now provide instructions for building your own custom authentication method for AD FS in Windows Server. For more information, see Build a Custom Authentication Method for AD FS in Windows Server 2012 R2.
See Also
Manage Risk with Additional multifactor authentication for Sensitive Applications
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for