The Set-AdfsGlobalAuthenticationPolicy cmdlet modifies the Active Directory Federation Services (AD FS) global policy.
You can also use the cmdlet to enable an external provider in the global policy.
Examples
Example 1: Set the primary extranet authentication policy
This command sets the primary extranet authentication policy to forms-based or certificate-based authentication.
In this case, the user is provided a choice when the user logs on to an application protected by AD FS from the extranet.
Example 2: Enable an additional authentication provider
This command enables the provider named A1ExternalAuthProvider as an additional authentication provider in the global policy.
Note that the value provided for the AdditionalAuthenticationProvider parameter corresponds to the value you provide for the Name parameter in the Register-AdfsAuthenticationProvider cmdlet, and to the Name property in the output from the Get-AdfsAuthenticationProvider cmdlet.
Parameters
-AdditionalAuthenticationProvider
Specifies an array of names of external authentication providers to add to the global policy.
Specifying this parameter configures an external authentication provider, for second stage authentication, in the global policy.
This is the first step in creating an AD FS policy that invokes an external authentication provider for multifactor authentication.
Parameter properties
Type:
String[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-AllowDeviceAuthAsPrimaryForDomainJoinedDevices
Allows the use of device authentication as the primary type for ___domain-joined devices.
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DeviceAuthenticationEnabled
Specifies whether device authentication is enabled for the global policy.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-DeviceAuthenticationMethod
Specifies the device authentication method.
Parameter properties
Type:
DeviceAuthenticationMethod
Default value:
None
Accepted values:
All, ClientTLS, SignedToken, PKeyAuth
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PassThru
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PrimaryExtranetAuthenticationProvider
Specifies an array of names of authentication providers for the primary extranet to add to the global policy.
Parameter properties
Type:
String[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-PrimaryIntranetAuthenticationProvider
Specifies an array of names of authentication providers for the primary intranet to add to the global policy.
Parameter properties
Type:
String[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WindowsIntegratedFallbackEnabled
Specifies whether fallback to Integrated Windows Authentication is enabled on the intranet.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.