


Set-AdfsGlobalAuthenticationPolicy is available through the ADFS module, which must be installed on your system before you can use the cmdlet.


Modifies the AD FS global policy.


The Set-AdfsGlobalAuthenticationPolicy cmdlet modifies the Active Directory Federation Services (AD FS) global policy. You can also use the cmdlet to enable an external provider in the global policy.


-AdditionalAuthenticationProvider <String[]>
    Specifies an array of names of external authentication providers to add to the global policy.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-AllowDeviceAuthAsPrimaryForDomainJoinedDevices <SwitchParameter>
    Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-ClientAuthenticationMethods <Microsoft.IdentityServer.PolicyModel.Configuration.ClientAuthenticationMethod>
    Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-DeviceAuthenticationEnabled <Boolean>
    Specifies whether device authentication is enabled for the global policy.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-DeviceAuthenticationMethod <Microsoft.IdentityServer.PolicyModel.Configuration.DeviceAuthenticationMethod>
    Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy. This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PassThru <SwitchParameter>
    Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PrimaryExtranetAuthenticationProvider <String[]>
    Specifies an array of names of authentication providers for the primary extranet to add to the global policy.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-PrimaryIntranetAuthenticationProvider <String[]>
    Specifies an array of names of authentication providers for the primary intranet to add to the global policy.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WindowsIntegratedFallbackEnabled <Boolean>
    Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet.

    Required?                    false
    Position?                    named
    Default value                none
    Accept pipeline input?       false
    Accept wildcard characters?  false

-Confirm <SwitchParameter>
    Prompts you for confirmation before running the cmdlet.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false

-WhatIf <SwitchParameter>
    Shows what would happen if the cmdlet runs. The cmdlet is not run.

    Required?                    false
    Position?                    named
    Default value                false
    Accept pipeline input?       false
    Accept wildcard characters?  false


Set-AdfsGlobalAuthenticationPolicy [-AdditionalAuthenticationProvider <String[]>] [-DeviceAuthenticationEnabled <Boolean>] [-DeviceAuthenticationMethod <DeviceAuthenticationMethod>] [-AllowDeviceAuthAsPrimaryForDomainJoinedDevices <Boolean>] [-PrimaryExtranetAuthenticationProvider <String[]>] [-PrimaryIntranetAuthenticationProvider <String[]>] [-WindowsIntegratedFallbackEnabled <Boolean>] [-ClientAuthenticationMethods <ClientAuthenticationMethod>] [-PassThru] [-WhatIf] [-Confirm] [<CommonParameters>]

-------------------- Example 1 --------------------
Set the primary extranet authentication policy
PS C:\> Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider @('FormsAuthentication', 'CertificateAuthentication')
This command sets the primary extranet authentication policy to forms-based or certificate-based authentication. In this case, the user is given a choice between the two when logging on from the extranet to an application protected by AD FS.

-------------------- Example 2 --------------------
Enable an additional authentication provider
PS C:\> Set-AdfsGlobalAuthenticationPolicy -AdditionalAuthenticationProvider "A1ExternalAuthProvider"
This command enables the provider named A1ExternalAuthProvider as an additional authentication provider in the global policy. Note that the value provided for the AdditionalAuthenticationProvider parameter corresponds to the value you provide for the Name parameter in the Register-AdfsAuthenticationProvider cmdlet, and to the Name property in the output from the Get-AdfsAuthenticationProvider cmdlet.

You can check the Version, CommandType and Source of this cmdlet by running the command below.

Get-Command Set-AdfsGlobalAuthenticationPolicy
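
The workflow below is an added example, not part of the original help text: it checks the requested provider names against the Name values from Get-AdfsAuthenticationProvider, saves the current policy, previews the change with -WhatIf, then applies it with -Confirm and -PassThru. It assumes an AD FS server with the ADFS module loaded; the $wanted list and the backup path are illustrative.

```powershell
# Added example, not from the original help text. Assumes it runs on an AD FS
# server with the ADFS module loaded; $wanted and $backup are illustrative.
$wanted = @('FormsAuthentication', 'CertificateAuthentication')
$backup = Join-Path $env:TEMP 'adfs-global-auth-policy.before.json'

# 1. Names passed to the policy must match the Name property reported by
#    Get-AdfsAuthenticationProvider; stop on anything that does not match,
#    for example a misspelled provider name.
$registered = @(Get-AdfsAuthenticationProvider | Select-Object -ExpandProperty Name)
$unknown = @($wanted | Where-Object { $_ -notin $registered })
if ($unknown.Count -gt 0) {
    throw "Not a registered authentication provider: $($unknown -join ', ')"
}

# 2. Save the current global policy so the change can be reviewed or reverted.
$before = Get-AdfsGlobalAuthenticationPolicy
$before | ConvertTo-Json -Depth 4 | Set-Content -Path $backup -Encoding UTF8

# 3. Preview: -WhatIf reports the change without applying it.
Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider $wanted -WhatIf

# 4. Apply with a confirmation prompt; -PassThru returns the updated policy.
$after = Set-AdfsGlobalAuthenticationPolicy -PrimaryExtranetAuthenticationProvider $wanted -Confirm -PassThru

# 5. Show the extranet providers before and after, together with the
#    additional providers and device authentication setting as they now stand.
#    $after is empty if the confirmation prompt was declined.
if ($after) {
    [pscustomobject]@{
        ExtranetBefore       = $before.PrimaryExtranetAuthenticationProvider -join ', '
        ExtranetAfter        = $after.PrimaryExtranetAuthenticationProvider -join ', '
        AdditionalProviders  = $after.AdditionalAuthenticationProvider -join ', '
        DeviceAuthentication = $after.DeviceAuthenticationEnabled
    }
}
```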


References are taken from Microsoft
