Question

We are looking to implement ADFS authentication in our SharePoint 2013 environment. We have two Active Directory domains: one for employees and one for external users. If we use the email address as the claim type for SharePoint and want to convert all users, including the external users, to ADFS, will we run into issues if there is any duplication of email addresses? The reason I ask is because the email address for external users is entered manually by our help desk, vs. being populated as part of the Exchange account creation process for employees.

Also, what happens if an external user changes their email address (which happens regularly)? I would assume it shouldn’t have any impact since the real authentication to the ADFS servers occurs with their domain account. I just don’t know if SharePoint would suddenly see the new email address as a totally different account.


Solution

If there is more than one account with the same email address, it will cause an issue.

If the primary identification claim (email) changes, nothing in SharePoint will match, and the user will be considered completely separate: all permissions and item tracking (tasks assigned, user profiles, etc.) will effectively belong to a different user.

https://social.technet.microsoft.com/Forums/office/en-US/c4f0b4c8-de94-40c5-a5a2-cf9cbecd92ac/issue-with-adfs-trusted-provider-and-ad-having-2-users-with-same-email-address?forum=sharepointadmin
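Two checks that follow from the answer, as an added example (not code from the original post or from Microsoft): a pre-migration scan of both domains for duplicate or missing `mail` values, and a `Move-SPUser` call that migrates an existing SharePoint identity when an external user's address changes so their permissions are not orphaned. The domain names, site URL, trusted provider name `ADFS` and the sample addresses are placeholders; the `i:05.t|<provider>|<email>` form is the encoded email identity claim SharePoint uses for a trusted provider.

```powershell
# Added example, not from the original post. Part 1 needs the RSAT ActiveDirectory
# module; part 2 runs in the SharePoint Management Shell on a farm server.
# Domain names, URL, provider name and addresses below are placeholders.

# --- 1. Pre-migration check: find mail values shared by more than one account
#        across both domains. Any hit here will break the email identity claim.
$domains = @('corp.example.com', 'external.example.com')   # placeholder domains

$users = foreach ($d in $domains) {
    Get-ADUser -Server $d -Filter 'mail -like "*"' -Properties mail |
        Select-Object @{n='Domain';e={$d}}, SamAccountName, UserPrincipalName, mail
}

# Email claims are matched case-insensitively, so normalise before grouping.
$dupes = $users |
    Group-Object { $_.mail.Trim().ToLowerInvariant() } |
    Where-Object { $_.Count -gt 1 }

if ($dupes) {
    Write-Warning "Found $($dupes.Count) email address(es) mapped to multiple accounts:"
    $dupes | ForEach-Object {
        $_.Group | Format-Table Domain, SamAccountName, UserPrincipalName, mail -AutoSize
    }
} else {
    Write-Host 'No duplicate mail values; email can serve as the identity claim.'
}

# Accounts with no mail value cannot sign in at all through a trusted provider
# whose identity claim is email, so list them too (manually-entered data often
# has gaps as well as duplicates).
foreach ($d in $domains) {
    Get-ADUser -Server $d -Filter 'mail -notlike "*"' |
        Select-Object @{n='Domain';e={$d}}, SamAccountName
}

# --- 2. When an external user's address changes, migrate the SharePoint
#        identity so permissions and profile data follow the user instead of
#        SharePoint treating the new claim as a brand-new person.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$web  = Get-SPWeb 'https://portal.example.com'              # placeholder site URL
$old  = 'i:05.t|ADFS|old.address@partner.example'           # encoded email claim, old value
$new  = 'i:05.t|ADFS|new.address@partner.example'           # encoded email claim, new value
$user = Get-SPUser -Identity $old -Web $web
# -IgnoreSID is required for claims identities; there is no Windows SID to match.
Move-SPUser -Identity $user -NewAlias $new -IgnoreSID -Confirm:$false
```

Run part 1 against a read-only account before cutting over; part 2 must be repeated per web application, since user identities are scoped to the content database.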

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange