ADFS Prompting for Domain Authentication on Domain-joined PCs
Wednesday 30th October 2019 11:00 AM


At approximately 10 AM on 30 October, the Systems group updated DNS so that internal resources would communicate directly with the ADFS nodes, which are domain-joined. Previously, internal ADFS DNS records pointed users to the external proxy servers, which were not domain-joined. This change was required for devices communicating with Azure for licensing as well as for OneDrive for Business syncing and other Azure features. It does not block users from authenticating, but it does change authentication from a form on the page to a domain-based authentication prompt (a pop-up). If the site is accessed with Firefox or Chrome on the same computer, the form-based authentication is presented. Non-domain-joined computers will not see this issue.

The Systems team is investigating whether we can develop a workaround for this.

Impact: This impacts users authenticating to ADFS-backed resources (mymu.marshall.edu, muonline.marshall.edu) from domain-joined workstations using Internet Explorer or Edge only.

Affected Applications: All ADFS resources accessed from domain-joined machines will experience this.