Search
Close this search box.

ADFS SSO web browsers

When you implement ADFS 3.0 with Office365 to have single sign-on for your users, it becomes quite frustrating to have to re-enter your password credentials with Chrome, Firefox, Safari,… . For this to work with your new ADFS 3.0 infrastructure, you will need to change two variables in your configuration WIASupportedUserAgents and ExtendedProtectionTokenCheck. Indeed, some browsers, such as Firefox, Chrome, and Safari, do not support extended authentication protection – a protection that allows them to be used across the Windows platform to protect users from man-in-the-middle attacks. To prevent this type of attack from happening, the default setting of ADFS is $true. In order to allow other browsers to authenticate without asking you for your login and password, you need to remove this security. If you want to allow your users to authenticate without having a Windows prompt, follow the steps below

1. Disable extended protection on each of your ADFS servers

Script.ps1
PS C:\Users\John> Set-ADFSProperties -ExtendedProtectionTokenCheck None

2. Then add the necessary agents. In yellow you will find the new agents for Firefox/Chrome and Safari.

Script.ps1
PS C:\Users\John> Set-ADFSProperties -WIASupportedUserAgents @(“MSIE 6.0″, “MSIE 7.0″, “MSIE 8.0″, “MSIE 9.0″, “MSIE 10.0″, “Trident/7.0″, “MSIPC”, “Windows Rights Management Client”, “Mozilla/5.0″, “Safari/6.0″, “Safari/7.0″)

3. Finally, restart the ADFS service on all your servers:

Script.ps1
PS C:\Users\John> Net Stop ADFSSRV
PS C:\Users\John> Net Start ADFSSRV

To test if this works, open a browser other than internet explorer and log into your Office 365 portal. You should not get any messages asking you to authenticate if you are logged in as an active user in Office365.

Share this article

Tags
AA/CQ (1) ADFS (2) Android (4) API (2) Applications Teams (1) AudioCodes (1) Azure AD Connect (5) Call plan (1) Copilot (3) desktop application (3) DTEN (2) Headset (2) Jabra (2) License (2) Logitech (8) Mesh (2) Microsoft 365 (3) Microsoft Ignite (2) Microsoft Teams Devices (3) Microsoft Teams Meeting (26) Microsoft Teams Phone (13) Microsoft Teams Premium (2) Microsoft Teams Room (40) MTRoW (4) Neat (3) Panel (2) Poly (8) Power Automat (2) Power Point (2) PowerShell (11) QoS (1) Queue (2) SchedulingPoll (1) SIP Gateway (3) Snom (1) Stream Deck (1) Teams 3rd party App (2) Teams Admin Center (1) Teams Display (2) telephony (2) Viva Engage (1) Webcam (2) Wordpress (2) Yammer (3) Yealink (4)
Archives

Want to migrate or connect your phone system to Teams?

Write to me and let's keep in touch!

Contact me
small_c_popup.png

Formulaire de contact

Discutons ensemble de vos projets

small_c_popup.png

Contact form

Let's discuss your projects together