The AdfsWebApiApplication resource needs to support Access Control Policy Parameters.
New resource property required:
Property Name
Type
Description
AccessControlPolicyParameters
MSFT_AdfsAccessControlPolicyParameters
Specifies the parameters and their values to pass to the Access Control Policy.
The MSFT_AdfsAccessControlPolicyParameters class would contain the following properties:
Parameter
Type
ValueMap
Description
GroupParameter
String Array
Specifies the group parameter
This is enough to provide support for the built-in Access Control Policies and the ability to later add support for custom Access Control Policies.
Here are details of the built-in Access Control Policies and what parameters they take:
AccessControlPolicyName AccessControlPolicyParameters
----------------------- -----------------------------
Permit everyone
Permit everyone and require MFA
Permit everyone and require MFA for specific group {GroupParameter}
Permit everyone and require MFA from extranet access
Permit everyone and require MFA from unauthenticated devices
Permit everyone and require MFA, allow automatic device registration
Permit everyone for intranet access
Permit specific group {GroupParameter}
The
AdfsWebApiApplication
resource needs to support Access Control Policy Parameters.New resource property required:
The
MSFT_AdfsAccessControlPolicyParameters
class would contain the following properties:This is enough to provide support for the built-in Access Control Policies and the ability to later add support for custom Access Control Policies.
Here are details of the built-in Access Control Policies and what parameters they take:
Example AccessControlPolicyParameters property: