Score:0

Can you enable certificate authentication in ADFS for devices *only* so that users don't receive a certificate prompt in the browser?

Everything is in 2019 functional level.

We host our ADFS WAPs in Azure. Because the Azure servers are registered in Azure AD, they have the Azure DRS CA in the trust chain, and so the WAPs are willing to accept registered device certificates for any workstation, even though those devices aren't actually registered in our tenant. This has a side-effect of prompting users for certificates that the server must be able to trust, but that we don't accept for authentication (because the devices are registered in another tenant).

So the proper flow here is for users to just cancel the certificate prompt, but that's not particularly intuitive. Further, we will be deploying a website to customers soon where we will be creating their AD accounts in our directory, so they'll be authenticating through our ADFS. This means that if their org is using Azure AD device registration, the client will theoretically have a valid certificate as far as the web server is concerned, and so the user will be prompted to transmit it.

Is there a way to enable certificate authentication for devices only so that users don't get prompted for certificates?

Noor Khaldi
As far as I know, nope, can't be done. Maybe remove the servers from being Azure AD Joined to remove that CA cert? Why do you need the servers to be joined? WAP doesn't need it.