User Profile service uniqueness

  • Question

  • Good afternoon, 

     I have an interesting dilemma which I am hopeful someone has encountered and resolved previously.  

    For reasons of security we have been asked to establish an ADFS connection for users entering the farm from off-location through VPN.  This has been configured in our test environment and for the most part is working well for both on-site and off-location users.  An issue however is being experienced with initiation of 2013 workflows.  

    Root cause of this is that both the ADFS and regular users are being pulled from the same branch of the Active Directory.  When a workflow initiates it suspends due to an error of: "Multiple User Profiles found with propertyName 'SPS-UserPrincipalName' of specified value".  Our team does not control the AD, nor can we request changes to it such as putting external users into another branch.  

    Is there a way to change the workflow engine and/or app security checking to key off a property other than SPS-UserPrincipalName, for example AccountName?

    Friday, August 4, 2017 8:12 PM

All replies

  • No. And you should establish one form of authentication for any one user. E.g. send all of your users through ADFS.

    Trevor Seward

    Office Servers and Services MVP

    Author, Deploying SharePoint 2016

    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Friday, August 4, 2017 8:19 PM
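
A diagnostic for the error quoted in the question, added here as an example and not part of either post: it lists every SPS-UserPrincipalName value held by more than one User Profile, with the AccountName of each profile involved. It assumes the SharePoint Management Shell on a farm server and an account with administrative rights on the User Profile service application; the site URL is a placeholder.

```powershell
# Added example: find User Profiles that share one SPS-UserPrincipalName value.
# Run on a SharePoint server; the URL below is a placeholder, not from the thread.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteUrl = "https://sharepoint.example.test"   # placeholder site collection URL
$site    = Get-SPSite $siteUrl

try {
    $context = Get-SPServiceContext $site
    $upm     = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($context)

    # Read only the two properties needed from each profile.
    $rows = foreach ($p in $upm.GetEnumerator()) {
        $upn = [string]$p["SPS-UserPrincipalName"].Value
        if ([string]::IsNullOrWhiteSpace($upn)) { continue }   # skip profiles with no UPN

        [pscustomobject]@{
            UPN         = $upn.Trim()
            AccountName = [string]$p["AccountName"].Value
        }
    }

    # Group-Object compares strings case-insensitively by default,
    # so the same UPN in different casing lands in one group.
    $duplicates = $rows |
        Group-Object -Property UPN |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{
                UPN          = $_.Name
                Profiles     = $_.Count
                AccountNames = ($_.Group.AccountName -join '; ')
            }
        }

    if ($duplicates) {
        $duplicates | Sort-Object UPN | Format-Table -AutoSize -Wrap
    } else {
        Write-Output "No SPS-UserPrincipalName value is shared by more than one profile."
    }
}
finally {
    $site.Dispose()   # release the SPSite object
}
```

The script only reads profile data; the AccountNames column shows which sign-in identities produced each pair of profiles.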