[Solved] ADFS : Enable Single Sign-on (SSO) for Edge and Chrome browser

Problem:

After users upgraded their desktops or notebooks from Windows 7 or 8.1 to Windows 10, Edge (Internet Explorer’s replacement) no longer signed them in automatically when they reached the Active Directory Federation Services (ADFS) server from inside the corporate network to sign in to Office 365.

Solution:

Change the ADFS WIASupportedUserAgents options

Check the currently supported browsers:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

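Add the Chrome and Edge browsers (the "Mozilla/5.0" and "Edge/12" entries at the end of the list). Type the command with straight quotes and a plain hyphen; typographic quotes picked up when copying from a web page can make it fail:

Set-AdfsProperties -WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain","MSIE 6.0","MSIE 7.0","MSIE 8.0","MSIE 9.0","MSIE 10.0","Trident/7.0","MSIPC","Windows Rights Management Client","Mozilla/5.0","Edge/12")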

Restart the ADFS service

Wait until the restart has finished

Check the supported browsers again:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
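
An added example, not part of the original post: the same change made by appending to the list already on the server instead of retyping it, so existing custom entries are kept and the previous list is saved for rollback. The `$tokensToAdd` and `$backupPath` names and the backup location are illustrative choices; `adfssrv` is the Windows service name of AD FS.

```powershell
# Added example, not the post author's script.
# Run in an elevated PowerShell session on the AD FS server itself
# (in a WID-based farm, on the primary server).
Import-Module ADFS -ErrorAction Stop   # stops here on a machine without the AD FS role

# Tokens taken from the post. 'Mozilla/5.0' appears in the User-Agent of nearly
# every modern browser on every operating system, so it is a broad match; a
# comment on the post suggests a narrower token such as 'Mozilla/5.0 (Windows NT'.
$tokensToAdd = @('Mozilla/5.0', 'Edge/12')

# Read the list that is configured right now.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)

# Save the existing list so the change can be reverted with
#   Set-AdfsProperties -WIASupportedUserAgents (Get-Content $backupPath)
$backupPath = Join-Path $env:TEMP ('WIASupportedUserAgents-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
$current | Set-Content -Path $backupPath -Encoding UTF8
Write-Output "Previous list saved to $backupPath"

# Only add what is not there yet (-notcontains compares case-insensitively).
$missing = @($tokensToAdd | Where-Object { $current -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output 'All tokens are already present; nothing changed.'
}
else {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $missing)
    # Restart the AD FS service, as the post describes.
    Restart-Service -Name adfssrv
    Write-Output ("Added: {0}" -f ($missing -join ', '))
}

# Verify: report each requested token against the list as stored now.
$after = @((Get-AdfsProperties).WIASupportedUserAgents)
$tokensToAdd | ForEach-Object {
    [pscustomobject]@{ Token = $_; Present = ($after -contains $_) }
}
```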

13 comments to [Solved] ADFS : Enable Single Sign-on (SSO) for Edge and Chrome browser

  • Joe

    FYI, this has bad quotes when copied to PowerShell.

    • Richard Voogt

      Thanks for the heads-up, but I don’t have this problem; I just tested the command in PowerShell and everything went fine.
      Maybe this is a language/keyboard setting.

      So everyone be warned by this advice of Joe! :)

    • I also had the same problem with quotes. I simply copied the command into Notepad and replaced the quotes [these quotes (“)(″) were replaced with this quote (")]

      After the replacement, the PowerShell command worked perfectly.

  • Artem Makaryan

    What about Mozilla? How to allow it?

  • Tom

    This is fantastic. Thank you.

  • jas

    Thank goodness, this fixed my problem. Had tried Chrome’s authserverwhitelist and authnegotiatedelegatewhitelist entries in the registry. You still need those, but this adds the support for the browsers themselves.

  • rahman

    I tried to execute the above PowerShell command on my desktop, where I am facing this issue. However, it gives me an error with the ADFS module:
    Get-ADFSProperties : The term ‘Get-ADFSProperties’ is not recognized as the name of a cmdlet, function, script file,
    or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
    try again.
    At line:1 char:1
    + Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents
    + ~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Get-ADFSProperties:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    • Richard Voogt

      Hi rahman,
      You have to execute the PowerShell command on the ADFS server, not on your desktop computer.

  • Appleoddity

    Be warned, this is not an accurate method of adding additional user agent strings. You MUST specify additional strings that indicate if the browser is running on Windows, i.e. it should be something like “Mozilla/5.0 (Windows NT” – otherwise this completely breaks any device that tries to authenticate with Chrome / Safari / Firefox from a non-Windows device.

  • Ivo Hofstede

    Thanks, this solved our problem.

  • Andy

    Why did you add Mozilla and not Chrome?
