Site icon TOSS

Set-AdfsAdditionalAuthenticationRule

powershell

Set-AdfsAdditionalAuthenticationRule is accessible with the help of adfs module. To install adfs on your system please refer to this adfs.

Synopsis

Sets the global rules that provide the trigger for additional authentication providers to be invoked.

Description

The Set-AdfsAdditionalAuthenticationRule cmdlet sets the global rules that provide the trigger for additional authentication providers to be invoked. When the claims engine evaluates the additional authentication rules and determines the requirement for multiple factor authentication, the user is prompted to perform additional authentication. You may specify rules in the form of claim rules strings, or designate a file that contains claim rules.

Use this rule only when all your applications are capable of performing web based credential collection through Active Directory Federation Services (AD FS). Applications that use protocols like WS-Trust will fail to obtain a security token if the trigger is true as a result of evaluation of the rules.

You can also set rules on the individual relying party trust using the Set-AdfsRelyingPartyTrust cmdlet with the AdditionalAuthenticationRule parameter.

Parameters

-AdditionalAuthenticationRules
Specifies rules for additional authentication. For more information about the claims language for rules, see Understanding Claim Rule Language in AD FS 2.0 & Higher on TechNet.

    Required?                    true
    Position?                    1
    Default value                none
    Accept pipeline input?       True (ByValue)
    Accept wildcard characters?  false

-AdditionalAuthenticationRulesFile <String>
    Specifies the fully qualified file path of a text file that contains claim rules.

    Required?                    true
    Position?                    1
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PassThru <SwitchParameter>
    Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

Syntax

Set-AdfsAdditionalAuthenticationRule [-AdditionalAuthenticationRules] <String> [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]

Set-AdfsAdditionalAuthenticationRule [-AdditionalAuthenticationRulesFile] <String> [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]

——————–Example 1——————–
Set a global additional authentication rule
PS C:> Set-AdfsAdditionalAuthenticationRule -AdditionalAuthenticationRules ‘c:[type == “http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork”, value == “false”] => issue(type = “http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod”, value = “http://schemas.microsoft.com/claims/multipleauthn” );’
This command sets an additional authentication rule to require multiple-factor authentication.

You can check the Version, CommandType and Source of this cmdlet by giving below command.

Get-Command Set-AdfsAdditionalAuthenticationRule

You can also read about

To know more PowerShell cmdlets(Commands) on Active Directory Federation Services(ADFS) click here

Click on this Link for an Single place where you get all the PowerShell cmdlet sorted based on the modules.

You can also refer other blogs on PowerShell at link

You can also refer other blogs on Microsoft at link

And also if you required any technology you want to learn, let us know below we will publish them in our site http://tossolution.com/

Like our page in Facebook and follow us for New technical information.

References are taken from Microsoft

Exit mobile version