3.2 AD FS Adapter OAuth prerequisites
The following prerequisites must be in place before you install the AD FS Adapter OAuth:
- Relying Party Trust
  A Relying Party Trust must exist under AD FS Management > AD FS > Relying Party Trusts to add the AD FS Adapter as a primary or additional authentication method.
- Access Control Policy
  A suitable access control policy must exist under AD FS Management > AD FS > Access Control Policies to control access to the Relying Party Trust; for example, “Permit everyone and require MFA” if the AD FS Adapter is used as an additional authentication method, or “Permit everyone” if the AD FS Adapter is used as a primary authentication method.
- AD FS Service Account
  The AD FS service account must be a member of the “domain users” group and needs the “log on as a service” permission. To set this option, from AD FS Server Manager > Tools > Local Security Policy > Security Settings > Local Policies > User Rights Assignment > Log on as a service > Local Security Setting tab > Add User or Group, add the AD FS service account user.
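
A read-only PowerShell check of these prerequisites, added here as an example and not part of the product's own documentation or tooling. It assumes an elevated session on the AD FS server with the AD FS cmdlets available; `$RpName` is a placeholder for the name of your Relying Party Trust.

```powershell
# Added example: read-only verification of the prerequisites listed above.
# Assumption: run elevated on the AD FS server. Membership of the
# "domain users" group is not checked here.
$RpName = '<relying-party-trust-name>'   # placeholder, set to your trust's name

# 1. The Relying Party Trust must exist (and should be enabled).
$rp = Get-AdfsRelyingPartyTrust -Name $RpName
if (-not $rp) {
    Write-Warning "Relying Party Trust '$RpName' not found."
} elseif (-not $rp.Enabled) {
    Write-Warning "Relying Party Trust '$RpName' exists but is disabled."
}

# 2. An access control policy must be assigned to the trust.
if ($rp) {
    if ($rp.AccessControlPolicyName) {
        "Access control policy on '$RpName': $($rp.AccessControlPolicyName)"
    } else {
        Write-Warning "No access control policy is assigned to '$RpName'."
    }
}

# 3. The AD FS service account needs the "Log on as a service" right.
$svc     = Get-CimInstance Win32_Service -Filter "Name='adfssrv'"
$account = $svc.StartName
$sid     = ([System.Security.Principal.NTAccount]$account).Translate(
               [System.Security.Principal.SecurityIdentifier]).Value

# Export only the user rights section of the local security policy.
$cfg = Join-Path $env:TEMP 'adfs-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
        Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

# Entries are SIDs prefixed with '*' or plain account names.
$entries = @()
if ($line) {
    $entries = ($line.Line -split '=', 2)[1] -split ',' |
               ForEach-Object { $_.Trim().TrimStart('*') }
}

if ($entries -contains $sid -or $entries -contains $account) {
    "'$account' holds 'Log on as a service'."
} else {
    # The right can also be granted through a group the account belongs to.
    Write-Warning "'$account' is not listed directly under 'Log on as a service'."
}
```

A warning from the last check does not always mean the right is missing, because it may be granted through a group; confirm in Local Security Policy before changing anything.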