Question

We are exploring federating our on-premise SharePoint instance via ADFS -- there are many excellent technical SharePoint/ADFS guides available.

Is there a list of SharePoint functionality that may be lost if a user accesses via ADFS instead of via Active Directory?

Some thoughts: network drive mapping may not be available.

Solution

There are a couple of things which I experienced.

  • You have to write a custom claims provider in order to properly add users; without it, SharePoint accepts everything you typed in the people picker.
  • You need NTLM authentication in the default zone for search crawling. The search crawler is not aware of SAML claims.
    • If the default zone has both authentications (NTLM & ADFS), then chances are users can set permissions using ADFS & NT credentials. But with a custom claims provider you can restrict it.
    • If the default zone uses NTLM and is extended with ADFS, then there are issues with alerts, because alerts use the default zone URL.

Also

  • The search service will experience a lot of issues with ADFS crawling.
  • You will use Active Directory Import for user profiles, which also has limitations compared to User Profile Sync.

  • Unable to trust workflows that require Tenant Admin rights (another limitation of SAML).

    • A few of the EE services are not SAML compatible, i.e. Visio, PowerPivot, SQL SR
Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange