This is how to enable SSO access to Office 365 with browsers other than IE and Edge using ADFS 4.0. This is done by adding the browser user agents to the ADFS config.
First, confirm the current config:
Get-AdfsProperties | select -ExpandProperty wiasupporteduseragents MSAuthHost/1.0/In-Domain MSIE 6.0 MSIE 7.0 MSIE 8.0 MSIE 9.0 MSIE 10.0 Trident/7.0 MSIPC Windows Rights Management Client MS_WorkFoldersClient =~Windows\s*NT.*EdgeNow we add Chrome, Firefox, and any other Mozilla compatible browser:
Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Mozilla/5.0")Check the result:
MSAuthHost/1.0/In-Domain
MSIE 6.0
MSIE 7.0
MSIE 8.0
MSIE 9.0
MSIE 10.0
Trident/7.0
MSIPC
Windows Rights Management Client
MS_WorkFoldersClient
=~Windows\s*NT.*Edge
Mozilla/5.0Now, restart ADFS:
net stop adfssrv
net start adfssrvNote that you could also add individual browsers instead of Mozilla/5.0 in case you wanted some browsers supported and not others. For example you might use Firefox for Global Admin users connecting to Office 365, so they can be signed into the Windows with one account, and use an Admin account to login to Office 365 using Firefox. So you could use something like this:
Set-AdfsProperties -WIASupportedUserAgents ((Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents) + "Chrome" + "Firefox")Test using Chrome or Firefox, and you should find that SSO is working properly.
Note that Firefox also requires some client side configuration. Type in about:config and add the address of your ADFS server (e.g. sts.domain.com) to network.automatic-ntlm-auth.trusted-uris.
If you have any issues or want to remove this, you can reset the list to the default as follows:
Set-ADFSProperties -WIASupportedUserAgents @("MSAuthHost/1.0/In-Domain", "MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "MS_WorkFoldersClient","=~Windows\s*NT.*Edge")
