MARCELBALCAREK-7675 asked BalcarekMarcel-1863 edited

SharePoint 2013 Azure AD Application Proxy - set email property in user profile

Hello,

We are using the Azure AD Application Proxy to allow users to sign on to our on-premise SharePoint 2013 system with Azure AD credentials. Ref: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial

I have noticed that when I invite an Azure AD user to a SharePoint group, their Work Email (email) user profile property is not set.

I can set it manually by using Set-SPUser, but is there a way to set it automatically via the proxy?

Update: In https://docs.microsoft.com/en-us/sharepoint/user-profile-sync it indicates that the proxy address is mapped to the work email. I have checked and the proxy address is set correctly.
Do I need to have a functioning User Profile Sync to make this work?

office-sharepoint-server-administration

EchoDu-MSFT answered EchoDu-MSFT commented

Hello @MARCELBALCAREK-7675 ,

According to my research, we recommend that you have a functioning User Profile synchronization.

Thanks,
Echo Du

Hi @MARCELBALCAREK-7675 ,

Is there anything else I can help with regarding this issue?
You can comment to us at any time and we will continue to follow up.

Hi @MARCELBALCAREK-7675 ,

Would you tell me whether your issue has been resolved or whether you have any update?
I am looking forward to your reply.

Have a nice day!

Thanks,
Echo Du

BalcarekMarcel-1863 answered BalcarekMarcel-1863 edited

The issue is not resolved. I have a guest user from Azure AD invited into SharePoint 2013 on-premise by inviting the user to an SP group.

[Image: 96111-azad-userinsp2013.png]

Here are my settings in the Azure AD Enterprise application:

[Image: 96009-azad-userinazad.png]

[Image: 96049-azad-attributemappings.png]


My User Profile Synch Service Application is 'started' and User Profile Synch Service is 'started', but I do not see the new user in Central Admin; Manage User Profiles.



BalcarekMarcel-1863 answered BalcarekMarcel-1863 edited

The tutorial documentation (https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/sharepoint-on-premises-tutorial) changed about 5/5/2021, so I have adjusted my claims section in Azure AD:

[Image: 96151-azad-attributemappingsnew.png]


It seems like the email claim is no longer required (?) and I have removed it from the above Claims list. Based on the tutorial and https://docs.microsoft.com/en-us/sharepoint/user-profile-sync, I expect the Work Email to still be populated.

This article also suggests "Typically, user profiles are created automatically for all accounts that are created in Microsoft 365. For organizations that have a Microsoft 365 Education subscription, user profiles are not created for new accounts by default. The user must access SharePoint once, at which time a basic stub profile will be created for the user account. The stub profile will be updated with all remaining data as part of the sync process."

I am using a developer tenant - I noticed that the user shows up in Central Admin; Manage User Profiles once the user has signed on to SharePoint on-premise the first time.
Update: after the user's first sign-on, and having checked that their profile existed in Central Admin; Manage User Profiles, I ran the full synchronization timer job. After this job completed, the "work email" is still not populated.

Do I need to set anything up in Central Admin, for the User Profile Service Application - under Synchronization "Configure Synchronization Connections"? Currently this area is empty.

[Image: 96449-azad-upsa.png]

Any advice is appreciated.





