Disabled AD Account access to SharePoint on-prem

Greetings, I have a unique problem that I am trying to resolve. We use PingFederate (SAML) to authenticate users before being sent back to SharePoint. Recently we federated with a couple of other companies. Our authentication team has scripted something so that the federated users from the other companies are created in our AD as a disabled user. This seemed to be working: PingFederate would authenticate and send the user over to SharePoint with the SAML claims, and I could assign permissions. However, we now see that the permissions don't seem to work as well as we first did. I can people-pick the user and grant permissions in SharePoint; however, when that user is logged in they do not see the site/list/library. If I add the Everyone group to the site/list/library, then the authenticated federated user has access. Quick question: does SharePoint care if the AD user account is disabled, or does it totally depend on the authentication method (NTLM / SAML / etc.) to take care of authentication and then allow access to wherever the account has permissions?
