Support Hybrid Search on premise with a SAML authentication mode
Allow ADFS users to search on premise on their Online AND Onpremise content. ADFS is the only way to provide SSO between Online and OnPremise environments but cannot be used because of the ACL mapping in the Cloud SSA when returning results OnPremise.
Brian “B” Laws commented
This is seriously needed. Many, many large enterprise customers use AD FS for their identity provider. All federal agencies I've worked with do as well. Not being able to use Hybrid Search due to the failed ACL/claims mapping massively cripples hybrid capabilities with large enterprises and reduces the investments made.
Matti Loebel commented
As far as we know, the only feasible approach to realize custom security in SharePoint Online is to mirror all custom security principals in an Active Directory. To protect the productive Kerberos Token, we would need to set up an additional AD forest to sync custom security groups to Azure AD.
This is very annoying because the implementation becomes unnecessarily complex and expensive.