How to add ADFS Claim Rule settings to allow access from HDE Secure Browser?

for Office 365

Question

How to add ADFS Claim Rule settings to allow access from HDE Secure Browser?

Answer

To allow access from HDE Secure Browser, you can add a Claim Rule that permits access based on the Client User Agent. Please follow the instructions below.

I) Add Claim Rule on AD FS (For Windows Server 2016)

II) Add Claim Rule on AD FS (For Windows Server 2012 R2)

 

I) Add Claim Rule on AD FS (For Windows Server 2016)

1) Go to Server Manager -> AD FS Management


2) In the AD FS Management console, select Access Control Policies -> Select the Access Control Policy that is currently used to control access for your users, and double-click to edit the Access Control Policy.

In this article, we will add a new Access Control Policy as an example setting.


3) Click "Add" to add a new rule.

4) In "Rule Editor" window:

1) Select "users" -> 'with specific claims in the request'.

2) Click on "specific", and the "Select Claims" window will open.

3) Select "Claims:" -> select "Client User Agent" for Claim type -> select "regex matches" for Operator -> enter "HDESecureBrowser" for Claim Value.

4) Press Enter and click "OK".

The resulting rule setting allows access from HDE Secure Browser.

5) Go to Relying Party Trusts -> right-click on "Microsoft Office 365 Identity Platform" -> select 'Edit Access Control Policy...' -> select the Access Control Policy that you have just created.

Now, your AD users should be able to access Office 365 from HDE Secure Browser.

 

II) Add Claim Rule on AD FS (For Windows Server 2012 R2)

1) Go to Server Manager -> AD FS Management


2) In AD FS Management -> expand Trust Relationships -> select Relying Party Trusts -> right-click on "Microsoft Office 365 Identity Platform" -> select "Edit Claim Rules..."

3) Go to Issuance Authorization Rules tab -> Click "Add Rule..."


4) In the Claim rule template selection, select

5) Fill in the Claim rule name. In the Custom rule field, fill in the Claim Rule as shown below.

c1:[Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "HDESecureBrowser"] => issue (Type ="http://schemas.microsoft.com/authorization/claims/permit", Value ="true");

This Claim Rule permits incoming requests whose Client User Agent claim matches HDESecureBrowser.

6) Click "Finish" to add the new rule. You have now finished adding the AD FS Claim Rule setting that allows access from HDE Secure Browser.

Note: Please ensure that the rule is listed at a higher priority than any other access restrictions you have set.
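
Before relying on the rule, it helps to see which Client User Agent values its pattern permits. The PowerShell below is an added example, not part of the original article or any HDE tooling; it assumes the =~ operator evaluates its value as a case-sensitive, unanchored .NET regular expression, and the User-Agent strings are constructed samples, not real HDE Secure Browser values.

```powershell
# Rule text copied from the article (section II, step 5).
$rule = 'c1:[Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "HDESecureBrowser"] => issue (Type ="http://schemas.microsoft.com/authorization/claims/permit", Value ="true");'

function Get-RulePattern {
    # Hypothetical helper: returns the regular expression that follows the =~ operator.
    param([string]$RuleText)
    if ($RuleText -match 'Value\s*=~\s*"([^"]*)"') { return $Matches[1] }
    throw 'No =~ condition found in rule text.'
}

function Test-UserAgentRule {
    # Hypothetical helper: -cmatch is PowerShell's case-sensitive .NET regex operator,
    # used here as a stand-in for the assumed behaviour of =~ in the claim rule.
    param([string]$UserAgent, [string]$Pattern)
    return $UserAgent -cmatch $Pattern
}

# Constructed sample values; replace them with strings captured from your own clients.
$samples = @(
    'Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) HDESecureBrowser/1.0',  # token present
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/70.0 Safari/537.36',          # token absent
    'mozilla/5.0 hdesecurebrowser/1.0',                                             # different case
    'ExampleClient/2.0 (HDESecureBrowser-compatible)'                               # token inside another string
)

$pattern = Get-RulePattern -RuleText $rule

# One row per sample: would the rule issue the permit claim for this value?
$samples | ForEach-Object {
    [pscustomobject]@{
        Permitted = (Test-UserAgentRule -UserAgent $_ -Pattern $pattern)
        UserAgent = $_
    }
} | Format-Table -AutoSize
```

On the AD FS server, (Get-AdfsRelyingPartyTrust -Name "Microsoft Office 365 Identity Platform").IssuanceAuthorizationRules prints the rules currently configured on the trust, so the same check can be run against the deployed rule text.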
