Filter results in People Picker

Feb 9, 2015 at 9:59 PM
Is there a way to only show claim provider results in the people picker search screen? Currently when I do a search on a particular name I see a person showing up under the SAML grouping we've defined as well as under an Active Directory grouping. Ideally I want users to only be able to pick the SAML entry as it uses the correct SSO format for logging in to the site (the latter is just used for support accounts). Please advise, thanks!
Feb 10, 2015 at 12:26 PM
Hello,
it is possible with those 2 steps:
1: Set property IsUsedByDefault ( https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.administration.claims.spclaimproviderdefinition.isusedbydefault(v=office.14).aspx ) of AD claims provider to false
2: With a console app/PowerShell, get the SPIisSettings ( https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.administration.spiissettings(v=office.14).aspx ) of the web application > zone where you want to hide Windows Users, and remove AD claims provider from ClaimsAuthenticationProviders collection ( https://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.administration.spiissettings.claimsauthenticationproviders(v=office.14).aspx ).
cheers,
Yvan
Feb 10, 2015 at 4:43 PM
Thanks Yvand! This is close but not the answer I need. Let me explain better the configuration I have...

Web App 1 - Default zone - Windows Claims - (just used for search and internal support access. needs AD results AND saml claim provider results in People Picker)

Web App 2 - Internet zone - SAML Claims (PingFederate) & LDAPCP - (only want SAML provider results in People Picker)

My focus is really how to restrict Web App #2 to just SAML results in the People Picker. I can't remove the AD provider since it hasn't been added to this zone. The best I have found so far is to set the global "IsVisible" property of the AD provider to false using the script below. Which works except it also makes AD not visible in Web App #1. Any further thoughts on how to achieve this?

$cpm = Get-SPClaimProviderManager
$ad = get-spclaimprovider -identity "AD"
$ad.IsVisible = $false
$cpm.Update()