Nov 03 2017 12:40 PM
I have a SharePoint 2016 farm on-premises using ADFS authentication. I'm having problems integrating the farm with OneDrive for Business.
My ADFS IdentifierClaim for SP is set up using sAMAccountName, and I'm wondering if that is causing the problem.
Is it a requirement (or strongly encouraged) to use email address for the Identifier Claim when creating a new SharePoint SPTrustedIdentityTokenIssuer?
Dec 12 2017 07:33 AM
In case anyone else has this problem... I worked out the solution with Microsoft. Simple fix, just hard to find. It turns out you have to set the Security Token Service "SuppressModernAuthForOfficeClients" to True. It is False OOTB.
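# Run in the SharePoint 2016 Management Shell on a farm server
$sts = Get-SPSecurityTokenServiceConfig
# Default is False; True suppresses modern auth for Office clients
$sts.SuppressModernAuthForOfficeClients = $True
$sts.Update()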
Reset IIS on all WFEs in the farm. I was then able to sync SharePoint on-prem with OneDrive for Business.
Apr 07 2018 03:38 AM - edited Apr 07 2018 03:39 AM
Thanks for this solution! Just updated a SharePoint farm with the same configuration, and Skype for Business was not able to sync, but this solved it.
Apr 07 2018 10:10 AM