Forum Discussion
Azure AD B2B SharePoint on Premise using Groups
So do you mean that the suggested steps are necessary to access the onPrem Farm at all, or do you mean the steps are necessary for being permitted with an Office 365 group?
Because directly authorized users can already access our onPrem SharePoint (via ADFS Proxy). I am just searching for an option to authorize external users by using a security group.
An alternative for me would be to have a group like "Everyone except External users". I just want to have a group (onPrem) to identify all external users.
No, you don't need to do this to access your SharePoint On-Prem. I have done the same thing to give external users access to a SharePoint 2013 On-Prem, without an App Proxy or write-back stuff.
But I'm facing the same issue you have. I can give individual users from Azure AD access to a SharePoint on-prem, but when they are part of a security group in Azure and I give them access through that group, they get an access denied.
Haven't found a solution for this. Would be great to know if this is even possible or not.
- Thomas Habersatter, May 29, 2017, Copper Contributor
Or maybe it's not working with NTLM enabled, instead of Kerberos?
- Thomas Habersatter, Jun 07, 2017, Copper Contributor
Now Azure AD Groups are transmitted as Roles-Claim to SharePoint. The only thing we changed was the AzureCP configuration (Claims Provider) by removing the UPN Claim, so that only EmailAddress and Role are used as Claim types mapped to Azure objects.
- roykim, Jun 19, 2017, MVP
Thomas,
Sounds interesting.
Could you please provide detailed steps on what you just mentioned or a link to an article that does?