This policy rule will be used to allow our Domain Users (corp.local) to login by leveraging the AD FS authentication methods we setup earlier as part of our 3rd Party Identity Provider configuration.

1. Select ALL RANGES for the network range
2. Select All Device Types for the content origin
3. Enter Domain Users into the user groups search field
4. Click the Domain [email protected] result to select the group

1. Scroll down to find the additional configuration options
2. Select Authenticate using... as the action
3. Set the 1st authentication method as Windows Authentication.
4. Set the fallback authentication method as ADFS Password
5. Click Save

This Policy Rule will first attempt to authenticate our users via Windows Authentication with AD FS.  Should that fail or be inapplicable, password authentication will be attempted.

We need our policy rule that will handle AD FS authentication for our domain users to be processed first, otherwise our All Users policy that we configured for Password (Local Directory) will attempt to apply for our domain users instead of our intended policy.

1. Click and drag the handle for the policy rule we just created for AD FS to the top of the list.  This
2. Click Next.