How to configure Access Control Policy for relying party in AD FS in PowerShell

Ivan Doskochynskyi 21 Reputation points
2020-08-10T15:15:48.497+00:00

I tried to configure Access Control Policy for relying party in AD FS in PowerShell:

Set-AdfsRelyingPartyTrust -Name "RPon2019" -AccessControlPolicyName "Permit everyone and require MFA for specific group" -AccessControlPolicyParameters "MFA Users"

or by

Set-AdfsRelyingPartyTrust -Name "RPon2019" -AccessControlPolicyName "Permit everyone and require MFA for specific group" -AccessControlPolicyParameters "Mydomain\MFA Users"

but receive an error:
Set-AdfsRelyingPartyTrust : Parameter set cannot be resolved using the specified named parameters

How to configure it correctly from PowerShell?

Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.

Accepted answer
  1. Pierre Audonnet - MSFT 10,181 Reputation points Microsoft Employee
    2020-08-10T15:35:48.6+00:00

    The problem is not about the AccessControlPolicyParameters parameter but about the Name parameter.

    When setting things, you need to use TargetName or TargetIdentifier. The Name is holding the new name if you rename the relying party trust. So in your case, the proper syntax would be:

    Set-AdfsRelyingPartyTrust -TargetName "RPon2019" -AccessControlPolicyName "Permit everyone and require MFA for specific group" -AccessControlPolicyParameters "MFA Users"
    

    And you can use either DOMAIN\GROUP or the GROUP syntax if the group is in the same domain as the ADFS farm.
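
One way to apply the fix from the accepted answer and confirm that it took effect, as an added example that is not part of the original thread. The wrapper function name `Set-RpAccessControlPolicy` is hypothetical; the trust, policy and group names are the ones from the question, and the script assumes it runs on an AD FS server with the ADFS module available.

```powershell
# Added example (not from the original thread). Set-RpAccessControlPolicy is a
# hypothetical helper name; the Get-/Set-Adfs* cmdlets come from the ADFS module.
function Set-RpAccessControlPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TrustName,
        [Parameter(Mandatory)][string]$PolicyName,
        [Parameter(Mandatory)][string]$Group   # GROUP or DOMAIN\GROUP
    )

    # Fail early if the relying party trust or the policy template is missing.
    if (-not (Get-AdfsRelyingPartyTrust -Name $TrustName)) {
        throw "Relying party trust '$TrustName' not found."
    }
    if (-not (Get-AdfsAccessControlPolicy -Name $PolicyName)) {
        throw "Access control policy '$PolicyName' not found."
    }

    if ($PSCmdlet.ShouldProcess($TrustName, "Assign policy '$PolicyName'")) {
        # -TargetName selects the existing trust. -Name would be read as the
        # new name of the trust, which is what caused the parameter-set error.
        Set-AdfsRelyingPartyTrust -TargetName $TrustName `
            -AccessControlPolicyName $PolicyName `
            -AccessControlPolicyParameters $Group -ErrorAction Stop

        # Read the trust back so the change is confirmed rather than assumed.
        $after = Get-AdfsRelyingPartyTrust -Name $TrustName
        if ($after.AccessControlPolicyName -ne $PolicyName) {
            Write-Warning "Trust '$TrustName' does not report policy '$PolicyName'."
        }
        $after | Select-Object Name, Identifier,
            AccessControlPolicyName, AccessControlPolicyParameters
    }
}

# Values taken from the question.
Set-RpAccessControlPolicy -TrustName 'RPon2019' `
    -PolicyName 'Permit everyone and require MFA for specific group' `
    -Group 'MFA Users'
```

Adding `-WhatIf` to the call previews the assignment without changing the trust.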

