Set-Adfs
Azure
Mfa
Tenant
Syntax
Set-AdfsAzureMfaTenant
-TenantId <String>
-ClientId <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-AdfsAzureMfaTenant cmdlet enables an Active Directory Federation Services (AD FS) farm to use Azure Multi-Factor Authentication (MFA) after a certificate has been created and registered in the Azure Active Directory (AD) tenant.
Examples
Example 1: Enable Azure MFA
PS C:\> $certbase64 = New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID>
PS C:\> New-MsolServicePrincipalCredential -AppPrincipalId 981f26a1-7f43-403b-a875-f8b09b8cd720 -Type asymmetric -Usage verify -Value $certBase64
PS C:\> Set-AdfsAzureMfaTenant -TenantId <your tenant ID> -ClientId 981f26a1-7f43-403b-a875-f8b09b8cd720
This command creates a certificate for Azure MFA, registers it in the tenant, and enables Azure MFA on the AD FS farm.
Example 2: Determine the Azure MFA certificate
PS C:\> New-AdfsAzureMfaTenantCertificate -TenantID <your tenant ID> -out-file amfacert.cer
This command determines which certificate Azure MFA is using, after AD FS has been configured for Azure MFA using the previous example.
Required Parameters
Specifies the well-known ID of the Azure MFA application in Azure AD.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Specifies the GUID representation of an Azure AD tenant ID. This can be found in the URL bar of the Azure AD portal, as in this example:
https://manage.windowsazure.com/contoso.onmicrosoft.com#Workspaces/ActiveDirectoryExtension/Directory/\<tenantID_GUID\>/directoryQuickStart
You can also use the Login-AzureRmAccount cmdlet that is part of the Azure PowerShell module to get the tenant ID.
Type: | String |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Optional Parameters
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |