Mar 16 2022 01:11 PM
Greetings, I have a unique problem that I am trying to resolve. We use PingFederate (SAML) to authenticate users before they are sent back to SharePoint. Recently we federated with a couple of other companies. Our authentication team has scripted something so that the federated users from the other companies are created in our AD as disabled users. This seemed to be working: PingFederate would authenticate and send the user over to SharePoint with the SAML claims, and I could assign permissions. However, we now see that the permissions don't seem to work as well as they first did. I can people-pick the user and grant permissions in SharePoint; however, when that user is logged in they do not see the site/list/library. If I add the Everyone group to the site/list/library, then the authenticated federated user has access. Quick question: does SharePoint care if the AD user account is disabled, or does it totally depend on the authentication method (NTLM / SAML / etc.) to take care of authentication and then allow access to wherever the account has permissions?