Forum Discussion
The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online
Kelvin Xia wrote:
To support SharePoint mapped drives with ADFS, we recommend setting up PSSO which will result in the same logic as a user manually checking the old KMSI checkbox.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online
That claim did not work for me and my customers (tried it with two different setups), but MS support supplied the following claim rule, that works just perfectly:
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"] => issue(Type = "http://schemas.microsoft.com/2014/03/psso", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
Using this rule gets rid of the username prompt "Pick an account". For my customer that is the solution to the problem.
Kelvin Xia: I'd be pleased to keep on working on the "Pick an account" prompt to get it working as designed.
Daniel Park wrote:Marc Debold does this new claim rule replace both the insidecorporatenetwork claim and the psso claim or is it in addition to them?
I can't really remember (should have blogged it, darn!), but I suppose, it was a replacement, as it issues the PSSO when inside network condition is met.
Marc Debold does this new claim rule replace both the insidecorporatenetwork claim and the psso claim or is it in addition to them?
This new rule has worked for us so far! Thanks.
