Creating user profiles without resolution?

Feb 16, 2016 at 12:39 PM
Hello Ivan,

We want to share documents with Azure users.
Currently they can access the platform (auth) via ADFS without problems, but we’d like to programmatically create user profiles for them (to assign them properties).

Problem: when we try ensureuser()… createProfile(), we have a “user not found” problem, which is logical, because they do not yet exist, and you can’t LDAP query Azure.
(Well, perhaps you can now with Azure DS preview, but atm I assume you can’t.)

Any idea about a solution for what we’d like to do?
Do you have to install BOTH AzureCP and LDAPCP, or can you just bypass name resolution for those external users, as we'll never directly auth or name resolve with Azure?

Hope I'm clear ;)

Basically we'd like to share documents with external users, and we want to create an Azure account for them and link it to a SharePoint account. Azure users can auth via ADFS and SharePoint then creates them a profile; can't see why we can't do this by code.

Anyway, ensureUser() gives not found. Manually trying to create the profile also fails. Any idea?

Feb 24, 2016 at 11:20 AM
To reply to my own question :)
There are two methods in the people picker, one that fills a list, and one that resolves a user.
Only a resolved user can be given permissions by the "share" button.

So you either provide a name resolution method, or bypass it to create your external user; as long as the identifier is matched with the one provided by your auth, it'll work.

For the record, if you were to implement people search on both ADFS and Azure, I expect you'd have to code some search logic in the fill method, using LDAP for AD into ADFS users, and the Graph API ($filter startswith...) for the Azure into ADFS users. Tricky.