使用ADFS将用户注册为SSPR的最佳做法? [英] Best practice to enroll users in SSPR using ADFS?

问题描述

我们计划在今年年底之前开始使用SSPR，并且我们正在尝试确定哪种最佳方式来吸引用户注册.我们仅为IT中的少数用户启用了SSPR，如果我们尝试登录https://portal.office.com， 效果很好，用户被阻止并说需要附加信息，然后通过SSPR注册获取信息.

We are planning on going live with SSPR before the end of the year and we are trying to determine what the best approach would be to get users enrolled.  We enabled SSPR for just a few users in IT and if we try to sign into https://portal.office.com it works great the user is stopped and says that additional information is required and then takes them through the SSPR registration.

不过，我们要做的是将其与我们的本地ADFS服务器集成.因此，无论用户访问哪个URL，他们都将被重定向到我们的SSO页面，然后检查他们是否已注册SSPR，如果不继续，请继续 进行登录之前先进行注册.

However what we would like to do is some how integrate this with our on prem ADFS server.  So no matter what URL the user visits they will be redirected to our SSO page and then checks to see if they are enrolled in SSPR and if not to continue with enrollment before proceeding with signing in.

我们有一台运行Azure AD Connect的服务器，我们刚刚购买了许可，以允许将密码写回到我们的本地AD群集.

We have a server running Azure AD Connect and we have just purchased the licensing to allow for password write backs to our on prem AD cluster.

推荐答案

您好，JR，您正在寻找一些特定的最佳做法吗?

Hi JR, were some specific best practices you were looking for?

您可以参考 Microsoft指南，其中包括自定义ADFS登录页和所需管理员设置的最佳做法.

另请参阅新指南， 方法:配置密码写回，以及涉及如何操作的本文 集成ADFS的密码写回.

You can refer to the Microsoft guide which includes best practices for customizing the ADFS sign-in page and required admin settings.

Please also refer also to the new guide, How-to: Configure password writeback, as well as this article which touches on how to integrate password writeback for ADFS. 

这篇关于使用ADFS将用户注册为SSPR的最佳做法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！