The new Azure AD sign-in and “Keep me signed in” experiences rolling out now!
Kelvin Xia wrote:
To support SharePoint mapped drives with ADFS, we recommend setting up PSSO which will result in the same logic as a user manually checking the old KMSI checkbox.
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/ad-fs-single-sign-on-settings#enable-psso-for-office-365-users-to-access-sharepoint-online
That claim did not work for me and my customers (tried it with two different setups), but MS support supplied the following claim rule, which works just perfectly:
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"] => issue(Type = "http://schemas.microsoft.com/2014/03/psso", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
Using this rule gets rid of the username prompt "Pick an account". For my customer that is the solution to the problem.
Kelvin Xia: I'd be pleased to keep on working on the "Pick an account" prompt to get it working as designed.
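One way to add the rule quoted above to the Office 365 relying party trust, as an added example that is not part of the original post or of Microsoft's documentation. It assumes the trust uses the default display name "Microsoft Office 365 Identity Platform", and it appends the rule instead of replacing existing ones, because the thread does not settle that question.

```powershell
# Added example: run in an elevated session on the primary AD FS server.
# Assumption: default display name of the Office 365 relying party trust.
$rpName = 'Microsoft Office 365 Identity Platform'

# The claim rule from the post, unchanged. It matches on the claim type only
# and copies c.Value, so the psso claim carries whatever value the
# insidecorporatenetwork claim has.
$pssoRule = @'
c:[Type == "http://schemas.microsoft.com/ws/2012/01/insidecorporatenetwork"] => issue(Type = "http://schemas.microsoft.com/2014/03/psso", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found." }
$existing = [string]$rp.IssuanceTransformRules

# Keep a copy of the current rule set so the change can be rolled back with
# Set-AdfsRelyingPartyTrust -IssuanceTransformRulesFile <backup file>.
$backup = Join-Path $env:TEMP ("o365-issuance-rules-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
Set-Content -Path $backup -Value $existing -Encoding UTF8
Write-Host "Current rules saved to $backup"

# Show any rules that already mention the psso claim type, so the
# administrator can decide whether they should stay alongside the new rule.
$psso = 'http://schemas.microsoft.com/2014/03/psso'
$existing -split "`r?`n" | Where-Object { $_ -like "*$psso*" } |
    ForEach-Object { Write-Host "Existing psso rule: $_" }

# Append only if this exact issue() statement is not present yet.
$marker = 'issue(Type = "' + $psso + '"'
if ($existing.Contains($marker)) {
    Write-Host 'Transforming psso rule already present; nothing changed.'
} else {
    $newRules = $existing.TrimEnd() + "`r`n" + $pssoRule
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $newRules
    Write-Host 'psso rule appended.'
}
```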
- Marc Debold, Sep 16, 2018, Copper Contributor
Daniel Park wrote: Marc Debold does this new claim rule replace both the insidecorporatenetwork claim and the psso claim or is it in addition to them?
I can't really remember (should have blogged it, darn!), but I suppose it was a replacement, as it issues the PSSO when the inside network condition is met.
- Daniel Park, Aug 20, 2018, Copper Contributor
Marc Debold does this new claim rule replace both the insidecorporatenetwork claim and the psso claim or is it in addition to them?
- Dan Moody, Feb 26, 2018, Copper Contributor
This new rule has worked for us so far! Thanks.