ADFS Auto Provision SAML Claims Users

Hello,

We have a SharePoint 2013 environment utilizing SAML-based claims for certificate smart card authentication through ADFS 3.0. We often have issues where users will not be properly created in AD, preventing legitimate users with a valid smart card from authenticating.

The presence of a valid smart card automatically indicates the user in question should have access to SharePoint. Is there any way to utilize ADFS out of the box, with an attribute, for example, to populate the information that can be scraped from the card and use that to automatically provision a user in AD if the user does not already exist?

Thank you,
Joseph Irvine

August 19th, 2015 3:42pm

If there is a specific attribute that the card exposes, you could use that to pass a claim to SharePoint -- SharePoint would need to be configured to leverage that claim to assign access.
August 20th, 2015 6:12pm
