AD FS redirection is the step in federated sign-in where a cloud service such as Microsoft 365 (Azure AD, now Entra ID) sends a user from a federated domain to the organization's on-premises AD FS server (through the Web Application Proxy when the user is outside the corporate network) to authenticate, instead of prompting for a password in the cloud. When the redirect does not happen, or the token AD FS issues is rejected, the user cannot sign in. Here are some of the things you can check when AD FS redirection does not work:
Check that the domain in the Azure AD (now Entra ID) tenant is configured for federation. Run the Get-MsolDomain cmdlet from the MSOnline (Azure AD) PowerShell module: a federated domain shows 'Federated' (rather than 'Managed') in the Authentication property. The MSOnline module is deprecated; the Microsoft Graph PowerShell equivalent is Get-MgDomain, whose AuthenticationType property shows the same value.
Check that DNS resolves the federation service name (for example sts.contoso.com) correctly: clients inside the network must reach the AD FS farm, and clients on the internet must reach the Web Application Proxy (WAP) servers. Because this is normally a split-brain DNS setup, verify both internal and public resolution, not just one.
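The two checks above as a PowerShell session. This is an added example, not code from the original page: contoso.com, sts.contoso.com and the two DNS server addresses are placeholders, and because the MSOnline module is deprecated the Microsoft Graph equivalents are shown as comments.

```powershell
# Added example: verify tenant federation status and federation-service DNS resolution.
# Placeholders (assumptions): contoso.com, sts.contoso.com, 10.0.0.10 (internal DNS), 8.8.8.8 (public resolver).
$Domain      = 'contoso.com'
$ServiceName = 'sts.contoso.com'

# 1. Federation status with the (deprecated) MSOnline module.
Import-Module MSOnline
Connect-MsolService
$d = Get-MsolDomain -DomainName $Domain
"{0}: Authentication = {1}" -f $d.Name, $d.Authentication   # expect 'Federated', not 'Managed'
if ($d.Authentication -eq 'Federated') {
    # Azure AD redirects users to these endpoints; they must point at the AD FS farm / WAP.
    Get-MsolDomainFederationSettings -DomainName $Domain |
        Select-Object IssuerUri, PassiveLogOnUri, ActiveLogOnUri, MetadataExchangeUri
}

# 1b. The same check with Microsoft Graph PowerShell:
# Connect-MgGraph -Scopes 'Domain.Read.All'
# Get-MgDomain -DomainId $Domain | Select-Object Id, AuthenticationType
# Get-MgDomainFederationConfiguration -DomainId $Domain | Select-Object IssuerUri, PassiveSignInUri

# 2. DNS: the federation service name must resolve to the AD FS farm internally
#    and to the WAP servers from the internet (split-brain DNS), so query both.
foreach ($dns in @('10.0.0.10', '8.8.8.8')) {
    try {
        $a = Resolve-DnsName -Name $ServiceName -Type A -Server $dns -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        "{0} via {1} -> {2}" -f $ServiceName, $dns, ($a.IPAddress -join ', ')
    } catch {
        "{0} via {1} -> FAILED: {2}" -f $ServiceName, $dns, $_.Exception.Message
    }
}

# 3. Is the HTTPS endpoint actually reachable from this host?
Test-NetConnection -ComputerName $ServiceName -Port 443 |
    Select-Object ComputerName, RemoteAddress, TcpTestSucceeded
```

Run it once from an internal machine and once from outside the network; the addresses returned in step 2 should differ (AD FS farm internally, WAP externally), and step 3 should succeed from both.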
Sign-in can also fail because the authentication context (authnContext) requested by the relying party, that is, the authentication method the sign-in request asks for, is not one the AD FS server is configured to offer. Follow the directions below to specify a particular authentication method:
Navigate to AD FS Management > Service > Authentication Methods. Under Primary Authentication, click Edit. In the Edit Authentication Methods window, select the authentication method(s) you need from the list.
The window lets you choose methods separately for Extranet (requests arriving through the WAP) and Intranet (requests from inside the network), so pick the combination that matches the needs of your organization.
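The same inspection and change from PowerShell on an AD FS server, as an added example that is not part of the original page. It lists the providers registered on the farm and the current primary methods, then sets forms-based authentication for extranet requests and Windows integrated plus forms authentication for intranet requests; that particular choice of methods is an assumption for illustration, and the log query at the end simply surfaces recent AD FS errors for correlation.

```powershell
# Added example: inspect and set AD FS primary authentication methods, then look at recent errors.
Import-Module ADFS

# Providers registered on this farm. A method can only be selected if its provider is listed here.
Get-AdfsAuthenticationProvider | Select-Object Name

# Current global policy: which primary methods are offered to extranet vs. intranet clients.
Get-AdfsGlobalAuthenticationPolicy |
    Select-Object PrimaryExtranetAuthenticationProvider, PrimaryIntranetAuthenticationProvider, AdditionalAuthenticationProvider

# Example change (assumption: the organization wants forms sign-in from outside and
# integrated Windows auth with a forms fallback inside). Provider names must match step 1.
Set-AdfsGlobalAuthenticationPolicy `
    -PrimaryExtranetAuthenticationProvider @('FormsAuthentication') `
    -PrimaryIntranetAuthenticationProvider @('WindowsAuthentication', 'FormsAuthentication')

# Confirm the change took effect.
Get-AdfsGlobalAuthenticationPolicy |
    Select-Object PrimaryExtranetAuthenticationProvider, PrimaryIntranetAuthenticationProvider

# Recent errors in the AD FS Admin log (unsupported authentication requests surface here).
Get-WinEvent -LogName 'AD FS/Admin' -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -eq 'Error' } |
    Select-Object TimeCreated, Id, Message
```

Changes to the global policy apply to every relying party, so make them on the primary AD FS server and re-test the failing sign-in from both an internal and an external client.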
Ensure that the user's attributes match the claims in the token AD FS issues. In particular, the UPN and the ImmutableID (source anchor) claims in the token must match the UserPrincipalName and ImmutableId of the user object in Azure AD, otherwise Azure AD cannot map the token to a user. Run Get-AzureADUser (AzureAD PowerShell module) to view the user's attributes as Azure AD holds them.
Check whether the token-signing certificate issued by AD FS has changed (AD FS rotates it automatically when certificate auto-rollover is enabled). If the new certificate has not been updated in Azure AD, Azure AD cannot validate the token signature and rejects the token; Update-MsolFederatedDomain pushes the current certificate to the tenant.
Check the reason for account lockouts in Event Viewer on the domain controllers. Event ID 4740 (A user account was locked out) records the account and the caller computer name; if the caller is an AD FS server, the bad passwords arrived through federated sign-in. Lockouts are replicated to the PDC emulator, so query it first.
Check whether Extranet Lockout has been enabled or disabled on AD FS (Get-AdfsProperties shows the setting, the threshold and the observation window). Extranet lockout blocks further extranet sign-ins for an account after the configured number of bad passwords without locking the AD account itself, so a user can be rejected by AD FS while Active Directory shows no lockout; conversely, with it disabled, password guessing from the internet locks the AD account directly.
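The token-signing, user-attribute and lockout checks above in one PowerShell session. This is an added example, not code from the original page: contoso.com, the user jdoe and the 24-hour window are placeholders, it assumes the Azure AD Connect source anchor is objectGUID (the default in older deployments; newer ones use ms-DS-ConsistencyGuid, which is seeded with the same value), and it uses the deprecated MSOnline and AzureAD modules that the page itself refers to.

```powershell
# Added example: compare the AD FS token-signing certificate with the one Azure AD holds,
# verify a user's UPN/ImmutableId, and review extranet and AD lockout state.
# Placeholders (assumptions): contoso.com, jdoe; source anchor assumed to be objectGUID.
Import-Module ADFS, ActiveDirectory, MSOnline, AzureAD
Connect-MsolService
Connect-AzureAD | Out-Null
$Domain = 'contoso.com'

# 1. Token-signing certificate: primary thumbprint on AD FS vs. the certificate stored in the tenant.
$adfsThumb = (Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary).Thumbprint
$fed       = Get-MsolDomainFederationSettings -DomainName $Domain
$cloudCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
                 [Convert]::FromBase64String($fed.SigningCertificate))
if ($adfsThumb -ne $cloudCert.Thumbprint) {
    Write-Warning "Token-signing mismatch: AD FS=$adfsThumb, Azure AD=$($cloudCert.Thumbprint). Tokens will be rejected."
    # Fix, run on the primary AD FS server (Set-MsolADFSContext first if run elsewhere):
    # Update-MsolFederatedDomain -DomainName $Domain
} else {
    "Token-signing certificate in sync: $adfsThumb"
}

# 2. User attributes: Azure AD's ImmutableId must equal the base64 objectGUID (assumed source
#    anchor) and the UPN must match, or the token's claims will not map to the cloud user.
$onprem     = Get-ADUser -Identity 'jdoe'
$expectedId = [Convert]::ToBase64String($onprem.ObjectGUID.ToByteArray())
$cloud      = Get-AzureADUser -ObjectId $onprem.UserPrincipalName
[pscustomobject]@{
    UpnMatch         = ($cloud.UserPrincipalName -eq $onprem.UserPrincipalName)
    ImmutableIdMatch = ($cloud.ImmutableId -eq $expectedId)
    CloudImmutableId = $cloud.ImmutableId
    ExpectedId       = $expectedId
}

# 3. Extranet lockout configuration on AD FS (property names differ between AD FS
#    versions, e.g. EnableExtranetLockout vs. ExtranetLockoutMode, hence the wildcard).
Get-AdfsProperties | Select-Object *Extranet*

# 4. AD account lockouts in the last 24 hours from the PDC emulator. Event 4740 carries the
#    caller computer name in TargetDomainName; an AD FS server there means the bad
#    passwords came through federated sign-in.
$pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-24) } |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $data = @{}
        foreach ($n in $x.Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Account = $data['TargetUserName']
            Caller  = $data['TargetDomainName']
        }
    }
```

Step 1 is the first thing to run after any certificate rollover; steps 2 and 4 should be run for the specific user reporting the failure, and step 3 explains cases where AD FS rejects the user while step 4 shows no lockout at all.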
ADAudit Plus, ManageEngine's real-time Active Directory auditing and reporting tool, provides reports on failed logons and extranet lockouts for AD FS. These reports are built from the events recorded in Active Directory and AD FS and can help troubleshoot AD FS logon errors.