Forum Discussion
Sharepoint one drive on premise integrated with ADFS
Hi,
I would like to clarify regarding the one drive deployment on premise. We are planning to have a one drive on premise integrated with ADFS to provide SSO and MFA experience.
To integrated Sharepoint with ADFS we have the follow the below article:
We have configured a webapplication with windows authentication and extended the same web app to use ADFS authentication.
We noticed that if we login to the main webapp using a user called Test1
a personal site will be created as follows: http://onedrive.xxx.com/me/test1
If we login to the extended webAPP using the same user and using ADFS authentication a new personal site will be created as follows:
http://onedrive.xxx.com/me/Test11
is it normal behavior because i expecting to access the same content with the same user regardless of the authentcation method.
When checking the UPS service i can see two profiles for the same user as follows :
i:05.t|xxx.com|test@xxx.com
xxx\test
Please i need to understand this point to see if this is normal or we missing something.
- mr_w1nst0nIron Contributor
Najwan975 this is the expected behavior.
When you use different authentication method (NTLM and ADFS) SharePoint treats the accounts as unique even if behind is the same person and therefore it duplicates the entry as you have well spotted by yourself in the UPS service.
For SharePoint they are 2 completely different users
It is good practice to provide only 1 authentication method for the end-user.
I used to keep NTLM active only for SP service accounts and the extended ADFS url to end-users.
If you keep the end-users access both you will quickly ending up with permission issues everywhere
- najwanCopper ContributorThanks for your reply.
You are right this what we found so far and this will present another challenge since the one drive app cannot work with ADFS authentication and if we want to allow it on the network with NTLM people accessing this application will not have access to their content.
Unless we have to go edit the new profile created and grant the personal site secondary owner with windows authentication.
But this will take too much work on the back end especially if we have large number of users.- mr_w1nst0nIron Contributor
Just to clarify one point.
OneDrive app does not support SSO/ADFS authentication
OneDrive For Business app (the one you can download directly when accessing SharePoint On-Premise) should support SSO/ADFS (unless something changed).
Which version of OneDrive app are you using in the environment ?