Most of the available documentation talks about ADFS as a claims-provider and the RP (the application) uses the set of claims to decide on access and functionality.
However, there are claims which restrict access at the ADFS level.
These are the permit / deny claims.
If you set these rules up correctly, you will get an “Access Denied” error from ADFS.
Because this is all controlled by the claims rules language, you can have complex IF – AND – OR – NOT scenarios to decide whether or not the user gets access to the application.