Adding SSO to Edge browser on ADFS 3.0

Hi all,

By default ADFS 3.0 doesn’t accept SSO on Edge browsers (and others modern browsers). To do that you need to configure it thru Powershell.

To list which browsers your ADFS are accepting you need to execute the following syntaxis:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

On the below image is showed the default config on ADFS 3.0. It has a few Microsoft platforms and browsers accepted.

https://technet.microsoft.com/windows-server-docs/identity/ad-fs/operations/configure-intranet-forms-based-authentication-for-devices-that-do-not-support-wia

edge_01

If you want to enable other Microsoft browsers execute the below command:

Set-AdfsProperties -WIASupportedUserAgents @(“MSIE 6.0”, “MSIE 7.0; Windows NT”, “MSIE 8.0”, “MSIE 9.0”, “MSIE 10.0; Windows NT 6”, “Windows NT 6.3; Trident/7.0”, “Windows NT 6.3; Win64; x64; Trident/7.0”, “Windows NT 6.3; WOW64; Trident/7.0”, “Windows NT 6.2; Trident/7.0”, “Windows NT 6.2; Win64; x64; Trident/7.0”, “Windows NT 6.2; WOW64; Trident/7.0”, “Windows NT 6.1; Trident/7.0”, “Windows NT 6.1; Win64; x64; Trident/7.0”, “Windows NT 6.1; WOW64; Trident/7.0”, “MSIPC”, “Windows Rights Management Client”)

Execute now Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents command to see if the new config was applied successfully:

edge_02

 

Use the below instructions to add Edge browsers:

$Props=Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
$Props=$Props+ “Edge/14”
$Props=$Props+ “Edge/12”
$Props
Set-ADFSProperties -WIASupportedUserAgents $Props

https://blogs.msdn.microsoft.com/asiatech/2016/09/06/single-sign-on-feature-not-working-with-microsoft-edge-on-window-10/

Regards!