From 669ea42b64fa2c83588f92d7a651f58c4f1f6406 Mon Sep 17 00:00:00 2001 From: Jose Ortega Date: Fri, 8 Nov 2019 02:15:34 -0600 Subject: [PATCH] Adding information metioned on issue #5352 --- .../hello-hybrid-cert-whfb-settings-adfs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md index 388da08d52..ecf275dbb0 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md @@ -51,13 +51,16 @@ Sign-in the AD FS server with *Domain Admin* equivalent credentials. The Windows Hello for Business group provides the AD FS service with the permissions needed to enroll a Windows Hello for Business authentication certificate on behalf of the provisioning user. +> [!TIP] +> The account adfssvc is the ADFS Service account. + Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. 1. Open **Active Directory Users and Computers**. 2. Click the **Users** container in the navigation pane. 3. Right-click **Windows Hello for Business Users** group 4. Click the **Members** tab and click **Add** -5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. +5. In the **Enter the object names to select** text box, type **adfssvc** or substitute the name of the ADFS Service account in your ADFS deployment. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Restart the AD FS server.