Return to Answer

added 79 characters in body

edited May 15, 2023 at 16:35

In ADFS authentication, the people picker doesn't validate the input, it just shows you all the claim types available.
To be able to grant rights, you should type the exact full claim string (like i:05.t|adfs|[email protected]) and make sure that the Account field in the User properties is exactly in this form (where adfs is the name of your trusted identity token issuer in SharePoint). But it is make people picker kinda unusable this way.

So, it is better to install and configure custom claims provider like LDAPCP (of course if your SharePoint Server has network access to your users' Active Directory domain).

In ADFS authentication, the people picker doesn't validate the input, it just shows you all the claim types available.
To be able to grant rights, you should type the exact full claim string (like i:05.t|adfs|[email protected]) and make sure that the Account field in the User properties is exactly in this form. But it is make people picker kinda unusable this way.

So, it is better to install and configure custom claims provider like LDAPCP (of course if your SharePoint Server has network access to your users' Active Directory domain).

Source Link

answered May 13, 2023 at 19:00

lehuspohus

In ADFS authentication, the people picker doesn't validate the input, it just shows you all the claim types available.
To be able to grant rights, you should type the exact full claim string (like i:05.t|adfs|[email protected]) and make sure that the Account field in the User properties is exactly in this form. But it is make people picker kinda unusable this way.

So, it is better to install and configure custom claims provider like LDAPCP (of course if your SharePoint Server has network access to your users' Active Directory domain).