SharePoint on-prem, ADFS, and OneDrive for Business

I have a SharePoint 2016 farm on-premises using ADFS authentication. I'm having problems integrating the farm with OneDrive for Business.

 

I set up my ADFS IdentifierClaim for SP using sAMAccountName, and I'm wondering if that is causing the problem.

 

Is it a requirement (or strongly encouraged) to use email address for the Identifier Claim when creating a new SharePoint SPTrustedIdentityTokenIssuer?

3 Replies

In case anyone else has this problem... I worked out the solution with Microsoft. Simple fix, just hard to find. It turns out you have to set the Security Token Service "SuppressModernAuthForOfficeClients" to True. It is False OOTB.

 

$sts = Get-SPSecurityTokenServiceConfig
$sts.SuppressModernAuthForOfficeClients = $True
$sts.Update()

 

Reset IIS on all WFEs in the farm. I was then able to sync SharePoint on-prem with OneDrive for Business.

Thanks for this solution! Just updated a SharePoint farm, with the same configuration and Skype for Business was not able to sync, but this solved it.

Glad it helped someone. I was pulling my hair out for months trying to figure that out. Such a simple fix, but not very well documented.