deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 21:03:42 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update hello-cert-trust-adfs.md

Browse Source
This commit is contained in:
MaratMussabekov
2019-11-04 11:39:59 +05:00
committed by GitHub
parent 5c124c047f
commit 3209798542
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -193,6 +193,9 @@ Sign-in the federation server with _domain administrator_ equivalent credentials
### Add the AD FS Service account to the KeyCredential Admin group and the Windows Hello for Business Users group
> [!NOTE]
> If you have a Windows Server 2016 domain controller in your domain, you can use **Key Admins** group instead of **KeyCredential Administrators** and skip **Configure Permissions for Key Registration** step.
The **KeyCredential Administrators** global group provides the AD FS service with the permissions needed to perform key registration. The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user.
Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials.