May 28 2022 06:21 AM
Hi,
I would like to clarify something regarding the OneDrive deployment on premises. We are planning to have OneDrive on premises integrated with ADFS to provide an SSO and MFA experience.
To integrate SharePoint with ADFS we have followed the article below:
We have configured a web application with Windows authentication and extended the same web app to use ADFS authentication.
We noticed that if we log in to the main web app using a user called Test1,
a personal site is created as follows: http://onedrive.xxx.com/me/test1
If we log in to the extended web app using the same user with ADFS authentication, a new personal site is created as follows:
http://onedrive.xxx.com/me/Test11
Is this normal behavior? I was expecting to access the same content with the same user regardless of the authentication method.
When checking the UPS service, I can see two profiles for the same user, as follows:
i:05.t|xxx.com|test@xxx.com
xxx\test
Please, I need to understand this point to see if this is normal or whether we are missing something.
Jun 02 2022 03:35 AM
@Najwan975 this is the expected behavior.
When you use different authentication methods (NTLM and ADFS), SharePoint treats the accounts as unique even if the same person is behind them, and therefore it duplicates the entry, as you have well spotted yourself in the UPS service.
For SharePoint they are 2 completely different users.
It is good practice to provide only one authentication method to end users.
I used to keep NTLM active only for SP service accounts and give the extended ADFS URL to end users.
If you let end users access both, you will quickly end up with permission issues everywhere.
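To make the "two completely different users" point concrete, here is an added example (not part of the thread, and not code from either poster) that decodes the two UPS account names quoted above using SharePoint's claims-encoding format, `<i|c>:0<ClaimType><ValueType>.<Issuer>[|<IssuerDetails>]|<ClaimValue>`. It assumes the second entry, `xxx\test`, is a classic-mode Windows account name (the question does not say which mode the main web application uses), and the code-to-URI tables are limited to the codes whose meaning is well known; anything else is kept as the raw character. It runs offline with no SharePoint dependency.

```python
"""Decode SharePoint claims-encoded account names and show why two UPS
entries for the same person are distinct principals to SharePoint.

Encoding:  <i|c>:0<ClaimType><ValueType>.<Issuer>[|<IssuerDetails>]|<ClaimValue>
  i = identity claim, c = other claim; the '0' after the colon is reserved.
  Issuer code w (Windows) and s (SharePoint STS) carry no <IssuerDetails>.
A bare 'DOMAIN\\user' with no 'i:'/'c:' prefix is a classic-mode account.
"""
from dataclasses import dataclass

# Single-character codes (subset); unknown codes are returned unchanged.
CLAIM_TYPES = {
    "#": "http://schemas.microsoft.com/sharepoint/2009/08/claims/userlogonname",
    "5": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "-": "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "+": "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid",
}
VALUE_TYPES = {".": "http://www.w3.org/2001/XMLSchema#string"}
ISSUERS = {
    "w": "Windows", "s": "SharePoint STS", "t": "Trusted identity provider",
    "f": "Forms", "m": "Membership provider", "r": "Role provider",
    "c": "Claim provider",
}
NO_DETAILS = {"w", "s"}  # issuers whose encoding has no <IssuerDetails> segment


@dataclass(frozen=True)
class Principal:
    identity: bool         # True for 'i:', False for 'c:'
    claim_type: str        # claim type URI (or raw code if unknown)
    value_type: str
    issuer: str            # issuer kind, human readable
    issuer_details: str    # e.g. trusted provider name; '' for Windows/STS
    value: str             # logon name, e-mail address, SID, ...
    classic: bool = False  # True for a pre-claims 'DOMAIN\\user' string


def parse_account(name: str) -> Principal:
    """Decode a UPS / SPUser account name into its claim components."""
    if name[:2] not in ("i:", "c:"):
        if "\\" not in name:
            raise ValueError(f"not a claims-encoded or DOMAIN\\user account: {name!r}")
        # Classic mode: SharePoint stores the Windows logon name as-is.
        return Principal(True, CLAIM_TYPES["#"], VALUE_TYPES["."],
                         ISSUERS["w"], "", name, classic=True)
    head, sep, rest = name[2:].partition("|")
    # head = '0' (reserved) + claim-type code + value-type code + issuer code
    if not sep or len(head) != 4 or head[0] != "0":
        raise ValueError(f"malformed claims encoding: {name!r}")
    type_code, vt_code, issuer_code = head[1], head[2], head[3]
    if issuer_code not in ISSUERS:
        raise ValueError(f"unknown issuer code {issuer_code!r} in {name!r}")
    if issuer_code in NO_DETAILS:
        details, value = "", rest
    else:
        details, sep2, value = rest.partition("|")
        if not sep2:
            raise ValueError(f"missing issuer details in {name!r}")
    return Principal(name[0] == "i", CLAIM_TYPES.get(type_code, type_code),
                     VALUE_TYPES.get(vt_code, vt_code), ISSUERS[issuer_code],
                     details, value)


KEY_FIELDS = ("issuer", "issuer_details", "claim_type", "value", "classic")


def principal_key(p: Principal) -> tuple:
    """Everything that has to match for SharePoint to see the same user.
    Logon names are compared case-insensitively; classic and claims-encoded
    Windows accounts are still different strings, hence different users."""
    return tuple(str(getattr(p, f)).lower() for f in KEY_FIELDS)


def same_sharepoint_user(a: str, b: str) -> bool:
    return principal_key(parse_account(a)) == principal_key(parse_account(b))


def differing_fields(a: str, b: str) -> list:
    """Names of the components that make two account names distinct."""
    pa, pb = parse_account(a), parse_account(b)
    return [f for f in KEY_FIELDS
            if str(getattr(pa, f)).lower() != str(getattr(pb, f)).lower()]


def to_windows_claims(classic_name: str) -> str:
    """How a classic 'DOMAIN\\user' account is written once the web
    application runs in Windows claims mode (issuer w, logon-name claim)."""
    if "\\" not in classic_name or classic_name[:2] in ("i:", "c:"):
        raise ValueError(f"expected a classic DOMAIN\\user name: {classic_name!r}")
    return f"i:0#.w|{classic_name}"


if __name__ == "__main__":
    # The two UPS entries from the question (constructed sample input).
    adfs, ntlm = "i:05.t|xxx.com|test@xxx.com", "xxx\\test"
    print(parse_account(adfs))
    print(parse_account(ntlm))
    print("same user:", same_sharepoint_user(adfs, ntlm))
    print("differs in:", differing_fields(adfs, ntlm))
```

Running it on the two entries shows they differ in every component: the ADFS entry is an e-mail-address claim issued by the trusted provider `xxx.com`, the NTLM entry is a Windows logon name, so there is no field on which SharePoint could match them. That is why the personal site and the UPS profile are created twice, and why keeping a single authentication method for end users avoids the split.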
Jun 05 2022 10:38 PM
Jun 06 2022 01:22 AM
Just to clarify one point.
The OneDrive app does not support SSO/ADFS authentication.
The OneDrive for Business app (the one you can download directly when accessing SharePoint on-premises) should support SSO/ADFS (unless something changed).
Which version of the OneDrive app are you using in the environment?