Thomas Kupka
Iron Contributor
Nov 03, 2017

SharePoint on-prem, ADFS, and OneDrive for Business

I have a SharePoint 2016 farm on-premises using ADFS authentication. I'm having problems integrating the farm with OneDrive for Business.

I set up my ADFS IdentifierClaim for SP using sAMAccountName, and I'm wondering if that is causing the problem.

Is it a requirement (or strongly encouraged) to use email address for the Identifier Claim when creating a new SharePoint SPTrustedIdentityTokenIssuer?

3 Replies

  • Thomas Kupka
    Iron Contributor

    In case anyone else has this problem... I worked out the solution with Microsoft. Simple fix, just hard to find. It turns out you have to set the Security Token Service "SuppressModernAuthForOfficeClients" to True. It is False OOTB.

    $sts = Get-SPSecurityTokenServiceConfig
    $sts.SuppressModernAuthForOfficeClients = $True
    $sts.Update()

    Reset IIS on all WFEs in the farm. I was then able to sync SharePoint on-prem with OneDrive for Business.

    • Michael Bunschoten
      Copper Contributor

      Thanks for this solution! Just updated a SharePoint farm, with the same configuration and Skype for Business was not able to sync, but this solved it.

      • Thomas Kupka
        Iron Contributor
        Glad it helped someone. I was pulling my hair out for months trying to figure that out. Such a simple fix, but not very well documented.
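
The fix from the reply above, written as an auditable change. This is an added example, not code from the thread or from Microsoft: it lists the identifier claim of each trusted token issuer, records the STS setting before and after, and resets IIS only when the value actually changed. The host names `WFE01` and `WFE02` are placeholders for the farm's web front ends.

```powershell
# Added example. Run in an elevated SharePoint 2016 Management Shell as a farm administrator.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Placeholder host names (assumption): replace with the farm's web front ends.
$wfes = @('WFE01', 'WFE02')

# 1. Show which claim each trusted issuer (for example ADFS) uses as the identifier claim,
#    so the sAMAccountName vs. email question can be checked against the live configuration.
Get-SPTrustedIdentityTokenIssuer | ForEach-Object {
    [pscustomobject]@{
        Issuer          = $_.Name
        IdentifierClaim = $_.IdentityClaimTypeInformation.MappedClaimType
    }
} | Format-Table -AutoSize | Out-Host

# 2. Read the current STS value and change it only if it is still False.
$sts     = Get-SPSecurityTokenServiceConfig
$before  = $sts.SuppressModernAuthForOfficeClients
$changed = $false

if (-not $before) {
    $sts.SuppressModernAuthForOfficeClients = $true
    $sts.Update()
    $changed = $true
}

# 3. Re-read the configuration to confirm what is now stored, and log both values
#    so the change can be reviewed or reverted later.
$after = (Get-SPSecurityTokenServiceConfig).SuppressModernAuthForOfficeClients
Write-Host "SuppressModernAuthForOfficeClients: before=$before after=$after"

# 4. Reset IIS on each web front end, only when the setting was changed in this run.
if ($changed) {
    foreach ($server in $wfes) {
        Write-Host "Resetting IIS on $server"
        iisreset $server /noforce
    }
}
```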
