SharePoint
Feedback by UserVoice


SharePoint Online People picker does not resolve people in Azure AD groups

I've found that in SPOnline, if you add Azure AD groups (I've only tested with Security Groups at this stage) to the SharePoint groups (e.g. Owners, Members, Visitors), then the people pickers inside that Site Collection will not resolve people.

To get around this, you either have to add (and then remove) the person, as an individual, manually to any of the SP Groups, or that person has to log in to the Site Collection.

This is a real pain when you're trying to set up sites before people access them, and the fact that it's localized to Site Collections means you end up using the workarounds over and over again.

Either the people picker needs to be smarter and enumerate the users in Azure AD groups (possibly part of this request: https://sharepoint.uservoice.com/forums/330318-sharepoint-administration/suggestions/8216679-ship-sharepoint-server-2016-with-a-saml-claims-awa) or SharePoint Online itself needs to populate its local user cache by enumerating the membership of groups.

I suspect this is somewhat mitigated in SP on-prem, by the User Profile Sync service, though you're probably having to wait for the sync to happen for group memberships to be updated, but at least the existence of a person appears to be shared across Site Collections.

Note: in my situation, I have the added complication that all the users involved are external - not part of our domain, but have been added to our Azure AD using B2B.

I've yet to test this in a non-B2B situation or in our on-prem SP2016.

9 votes

Craig Humphrey shared this idea

1 comment

  • Nigel Swain commented

    The latest version of the SPO Management Shell contains a cmdlet called Set-SPOTenant -ShowPeoplePickerSuggestionsForGuestUsers $True. It may help you with what you need. Guest users will only show in people picker if there is an entry in the User Information List in the same Site Collection, and only after they have accepted the invitation from Azure AD.
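The two conditions in the comment above (the tenant setting, and a User Information List entry per Site Collection) can be scripted so that sites are ready before anyone logs in. This is an added example, not code from the thread or from Microsoft; it assumes the SPO Management Shell, AzureAD and PnP.PowerShell modules are installed, that `New-PnPUser` resolves a guest's user principal name, and the three parameter values are placeholders you supply. Unlike the add-then-remove workaround, it never places the person in a SharePoint group, so no direct permission is granted at any point.

```powershell
# Added example: pre-populate a Site Collection's User Information List
# from an Azure AD security group. Parameter values are placeholders.
param(
    [Parameter(Mandatory)] [string] $AdminUrl,  # tenant admin site URL
    [Parameter(Mandatory)] [string] $SiteUrl,   # Site Collection to prepare
    [Parameter(Mandatory)] [string] $GroupId    # ObjectId of the Azure AD group
)

# Tenant-wide setting named in the comment above.
Connect-SPOService -Url $AdminUrl
Set-SPOTenant -ShowPeoplePickerSuggestionsForGuestUsers $true

Connect-AzureAD | Out-Null
Connect-PnPOnline -Url $SiteUrl -Interactive

# Direct user members only; nested groups are not expanded here.
$members = Get-AzureADGroupMember -ObjectId $GroupId -All $true |
    Where-Object { $_.ObjectType -eq 'User' }

$report = foreach ($m in $members) {
    $status = 'Ensured'
    if ($m.UserType -eq 'Guest' -and $m.UserState -eq 'PendingAcceptance') {
        # Per the comment, guests resolve only after accepting the invitation.
        $status = 'Skipped (invitation not accepted)'
    }
    else {
        try {
            # Creates the User Information List entry without adding the
            # user to any SharePoint group (no permission change).
            New-PnPUser -LoginName $m.UserPrincipalName -ErrorAction Stop | Out-Null
        }
        catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        User     = $m.UserPrincipalName
        UserType = $m.UserType
        Status   = $status
    }
}

# Keep the report: it records which identities were surfaced in this site.
$report | Sort-Object Status, User | Format-Table -AutoSize
```

Run it once per Site Collection, since the User Information List is local to each one, and re-run it when group membership changes or pending guests accept their invitations.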
