Configure Additional Authentication Methods for AD FS

In order to enable multi-factor authentication (MFA), you must select at least one additional authentication method. By default, in Active Directory Federation Services (AD FS) in Windows Server® 2012 R2, you can select Certificate Authentication (in other words, smart card-based authentication) as an additional authentication method.

Did you know that Microsoft Azure provides similar functionality in the cloud? Learn more about Microsoft Azure identity solutions. Create a hybrid identity solution in Microsoft Azure: - Learn about Azure Multi-Factor Authentication. - Manage identities for single-forest hybrid environments using cloud authentication. - Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications.

Microsoft and third-party additional authentication methods

You can also configure and enable Microsoft and third-party authentication methods in AD FS in Windows Server® 2012 R2. Once installed and registered with AD FS, you can enforce MFA as part of the global or per-relying-party authentication policy.

Below is an alphabetical list of Microsoft and third-party providers with MFA offerings currently available for AD FS in Windows Server 2012 R2.

Custom Authentication Method for AD FS in Windows Server 2012 R2

We now provide instructions for building your own custom authentication method for AD FS in Windows Server 2012 R2. For more information, see Build a Custom Authentication Method for AD FS in Windows Server 2012 R2.

See Also

Manage Risk with Additional Multi-Factor Authentication for Sensitive Applications