How to Enable IdpInitiatedSignon Page In AD FS 2016

One of the deployment validation and testing tools that was also present in earlier AD FS releases is the /IdpInitiatedSignon.htm page.  This page is available by default in AD FS 2012 R2 and earlier versions.  Note, however, that it is disabled by default in AD FS 2016.

From the system you wish to test from, navigate to the AD FS namespace's IdpInitiatedSignon page.  This will be in the format of:

https://<AD FS name>

In this case the AD FS namespace is so the test URL is:

Alternatively a lot of deployments use the Secure Token Service (STS) as the namespace.  An example would be:


IdpInitiatedSignon Page On Windows 2012 R2

The IdpInitiatedSignon page is enabled by default on Windows 2012 R2 AD FS.  The Tailspintoys example is shown below.

Windows 2012 R2 AD FS - IdpinitiatedSignon



Testing IdpInitiatedSignon Page On Windows 2016

The IdpInitiatedSignon page is disabled by default on AD FS 2016.  If you attempt to navigate to the URL, the below error will be displayed:

Windows 2016 AD FS - IdpinitiatedSignon

The displayed error was:

An error occurred

The resource you are trying to access is not available. Contact your administrator for more information.


Enabling IdpInitiatedSignon Page On Windows 2016

The idpInitiatedSignon page is controlled via the EnableIdpInitiatedSignonPage property on the AD FS farm.

In the below example we will check the current status of the EnableIdpInitiatedSignonPage property, noting that it is set to $False.

Get-AdfsProperties | Select-Object EnableIdpInitiatedSignonPage

EnableIdpInitiatedSignonPage Set to $False


To enable the IdpInitiatedSignon page, simply set the EnableIdpInitiatedSignonPage property to $True:


Set-AdfsProperties -EnableIdpInitiatedSignonPage $True

Setting EnableIdpInitiatedSignonPage Set to $True


Verifying IdpInitiatedSignon Page Functions On Windows 2016

Now that we have set EnableIdpInitiatedSignonPage to $True, we can verify that the page works.

Note that in the below example, the AD FS namespace has been added to the local intranet zone in IE so that we can benefit from a slipstreamed logon experience.

Windows 2016 IdpInitiatedSignon Page Now Working

Since the AD FS namespace is present within the local intranet IE security zone, by default IE will provide the credentials to the AD FS endpoint.

Windows 2016 IdpInitiatedSignon - Signed In!  -- YAY!!

As you can see in the highlighted red box – we are now signed in.
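
The check, enable and verify steps above combined into one script. This is an added example, not code from the original post: it records the current value, enables the page if needed, requests the page, and then restores the original setting unless -KeepEnabled is given. The /adfs/ls/idpinitiatedsignon.htm path, the -KeepEnabled switch and the Test-IdpPage helper are assumptions of this example.

```powershell
# Added example, not from the original post. Run in an elevated session on an
# AD FS 2016 server (the primary node when the farm uses WID).
# Assumptions: $PagePath is the usual AD FS sign-on path, and the farm's
# HostName resolves from this server to a node that already has the new setting.
param(
    [string]$PagePath = '/adfs/ls/idpinitiatedsignon.htm',  # assumed path
    [switch]$KeepEnabled                                    # leave the page on afterwards
)

function Test-IdpPage {
    param([string]$Url)
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing
        # A disabled page renders the generic error text quoted in the post.
        return ($r.StatusCode -eq 200 -and
                $r.Content -notmatch 'The resource you are trying to access is not available')
    } catch {
        return $false   # non-2xx response, TLS failure or name-resolution failure
    }
}

$props    = Get-AdfsProperties
$original = $props.EnableIdpInitiatedSignonPage
$url      = "https://$($props.HostName)$PagePath"
"Before: EnableIdpInitiatedSignonPage = $original"

try {
    if (-not $original) {
        Set-AdfsProperties -EnableIdpInitiatedSignonPage $true
    }
    $current = (Get-AdfsProperties).EnableIdpInitiatedSignonPage
    "Now:    EnableIdpInitiatedSignonPage = $current"
    "Page reachable at ${url}: $(Test-IdpPage -Url $url)"
}
finally {
    # Put the farm back the way it was unless asked to keep the page enabled.
    if (-not $KeepEnabled -and -not $original) {
        Set-AdfsProperties -EnableIdpInitiatedSignonPage $false
        "Restored: EnableIdpInitiatedSignonPage = $false"
    }
}
```

Run it without arguments for a one-off validation that leaves the farm as it was, or with -KeepEnabled when an application depends on IdP-initiated sign-on.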




Comments (5)

  1. James says:

    The problem I have is that I’m on 2012r2, and upgrading to 2016. I don’t like that I have to replace the entire farm in one change mgmt (12 servers for us) to enable this feature on our WAPs. Seems a lot of risk to assume for a high visibility resource as opposed to a more graceful, phase in/phase out of nodes.
    The big hangup is one of our apps requires IDP as their website does not support a redirect back to ADFS for logon.

  2. Farooq says:

    Hi Rhoderick,
    thank you so much for the post. You are always very helpful. Keep it up, God Bless you

  3. Owyeah!!
    thank you so much for this tip man.
    I'll post it in my blog with your permission.

  4. Chisha says:

    Hi, thank you so much, your post has saved me a lot of time and headaches (even though the headache part is a lie 🙂 I am already feeling it).

    Very Helpful blog I am so glad I found it. God bless
