Here is a quick article on how to configure the SharePoint Services Connector for provisioning user profiles for ADFS-authenticated users. I did not find any particularly good articles on the attributes required, so here is a quick reference on what I did to make things work with ADFS authentication.
This is not a guide on how to configure the MA. You should find good information on how to do that here.
There are 5 attributes that are important. Here is a table for you.
Attribute | Initial only | Description |
---|---|---|
SPS-ClaimID | | This is the value of the identifier claim. This means that if you use userPrincipalName as identifier, this should be marius@goodworkaround.com, or if you use EmployeeID this should be 10032. |
SPS-ClaimProviderID | | This is the case-sensitive name of the Trusted Identity Provider configured in SharePoint. If your Trusted Identity Provider is called "SAML Users", this value should be "SAML Users". |
SPS-ClaimProviderType | | When doing ADFS authentication, this should be the constant "Trusted". (By the way, if you are doing Windows authentication, this should be "Windows".) |
ProfileIdentifier | | This value is a bit weird when it comes to ADFS authentication. It is required, it must be unique, and it must be of the form "something:unique" (something, colon, unique). I usually fill this with "ID:value of SPS-ClaimID"; for example "ID:10032" or "ID:marius@goodworkaround.com". |
Anchor | yes | Another required value that must be unique. I use the same value as the SPS-ClaimID, so marius@goodworkaround.com or 10032. The reason this attribute must be configured as initial only is that the Anchor will actually change, and overwriting it may cause some strange behavior. |
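
The following PowerShell is an added example, not part of the original post: it builds the five values from an identifier claim and checks a batch of rows against the constraints in the table (constant provider type, case-sensitive provider name, "something:unique" form, uniqueness). The function names and sample rows are constructed for illustration, and the script does not call any SharePoint or sync engine API.

```powershell
# Trusted Identity Provider name exactly as configured in SharePoint (case-sensitive).
$ProviderName = 'SAML Users'

# Hypothetical helper: derive the five attribute values from the identifier claim value.
function New-SpsProfileAttributes {
    param(
        [Parameter(Mandatory)][string]$ClaimValue,
        [Parameter(Mandatory)][string]$Provider
    )
    [pscustomobject]@{
        'SPS-ClaimID'           = $ClaimValue
        'SPS-ClaimProviderID'   = $Provider
        'SPS-ClaimProviderType' = 'Trusted'          # constant for ADFS authentication
        'ProfileIdentifier'     = "ID:$ClaimValue"   # "something:unique"
        'Anchor'                = $ClaimValue        # flow this as initial only
    }
}

# Hypothetical helper: return one message per violated constraint.
function Test-SpsProfileAttributes {
    param([object[]]$Rows, [string]$Provider)
    $problems = @()
    foreach ($r in $Rows) {
        $id = $r.'SPS-ClaimID'
        if ([string]::IsNullOrWhiteSpace($id)) { $problems += 'empty SPS-ClaimID'; continue }
        # -cne is the case-sensitive comparison; 'saml users' must not pass.
        if ($r.'SPS-ClaimProviderID' -cne $Provider) {
            $problems += "${id}: SPS-ClaimProviderID '$($r.'SPS-ClaimProviderID')' does not match '$Provider'"
        }
        if ($r.'SPS-ClaimProviderType' -cne 'Trusted') {
            $problems += "${id}: SPS-ClaimProviderType must be 'Trusted'"
        }
        if ($r.ProfileIdentifier -notmatch '^[^:]+:.+$') {
            $problems += "${id}: ProfileIdentifier is not of the form something:unique"
        }
    }
    # Group-Object compares case-insensitively, so values differing only in case count as duplicates.
    foreach ($name in 'ProfileIdentifier', 'Anchor') {
        foreach ($g in ($Rows | Group-Object -Property $name)) {
            if ($g.Count -gt 1) { $problems += "duplicate $name '$($g.Name)' ($($g.Count) rows)" }
        }
    }
    return $problems
}

# Constructed sample rows: two good ones, plus one with a wrongly cased provider and a reused ID.
$rows = 'marius@goodworkaround.com', '10032' |
    ForEach-Object { New-SpsProfileAttributes -ClaimValue $_ -Provider $ProviderName }
$bad = New-SpsProfileAttributes -ClaimValue '10032' -Provider 'saml users'
Test-SpsProfileAttributes -Rows ($rows + $bad) -Provider $ProviderName
```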