Search in a Federated SharePoint Deployment

Vendor supported federated claims provider

that re-enables search capabilities for users and groups in SharePoint within on-premise directories.


When deploying SharePoint with Federated Claims Authentication, the out of the box “People Picker” no longer searches your directory. Instead, it simply resolves whatever you type and accepts this as a claim value. This functionality is “as designed” by Microsoft, where SharePoint no longer has a physical connection to your Active Directory. While this makes sense when federating with external organizations where you wouldn’t search their directories for users and groups, SharePoint People Picker doesn’t allow users to search the on-premise directory. This is an especially frustrating problem for the many organizations that deploy SharePoint with Federated Claims Authentication with no intention of ever federating with external organizations.

The Optimal People Picker/Claims Provider is a vendor-supported claims provider that re-enables SharePoint’s advanced claims search capabilities. This allows end users to confidently search for and select users and groups from their on-premise directory. Optimal People Picker/Claims Provider leverages Optimal IdM’s Virtual Identity Server (VIS). In doing so, it not only supports multiple AD forests, but it also allows users to exist in any directory or database.

Finding and selecting the right object using the out-of-the-box SharePoint People Picker can be difficult, confusing and time consuming. This increases costs and end user frustration. To make matters worse, security can be compromised if the wrong user or group is selected with the People Picker.

PeoplePickerSmallKey Features

Optimal People Picker for SharePoint is a full-featured application designed to provide safe and effective advanced claims searching. It:

  • Re-enables the search capability of the SharePoint People Picker when deployed in Federated Claims mode
  • Stops SharePoint from resolving/accepting whatever is typed into the People Picker
  • Allows users and groups to exist in any directory or database.
  • Provides full support for wildcard searches
  • Filters results based on a role/group, so one set of users cannot view or select another set of users/groups
  • Can be configured so the default ADFS 2.0 claims provider can remain or be hidden

The Optimal People Picker allows you to do all of these and much more.



Reduced IT Costs

Greater search functionality improves productivity, which increases the value of your existing Microsoft environment. To help you keep costs down, VIS:

  • leverages the existing investment in Microsoft technology, extending it with increased functionality.
  • is developed in .NET technology and is designed to seamless integrate with your Microsoft environment.
  • is a platform that continues to grow with an organization’s needs.
  • has proven solutions for Microsoft applications such as SharePoint and MIIS/ILM

Eliminate Deployment Barriers

The Virtual Identity Server provides an enhanced application environment. VIS allows organizations to rapidly and easily deploy applications to users existing in multiple Active Directory forests or directories

  • The VIS Schema Manager™ eliminates the need to extend the Active Directory schema for third party LDAP applications.
  • VIS allows you to rapidly deploy applications to users existing in multiple Active Directory Forests without any forest trusts.
  • VIS simplifies your identity management deployment by accessing data at its source directly.
  • VIS provides multiple views of data, allowing for easy discreet application views of enterprise data.

Meet Audit and Compliance Initiatives

When deployed as an advanced claims search for SharePoint, Virtual Identity Server can eliminate deployment barriers

Increased Security and Control

Optimal SharePoint People Picker is equipped with additional security features that:

  • Provide administrators the capability to provide increased security to a SharePoint deployment.
  • Ensure that the correct user/group is assigned permissions in SharePoint.

Product Awards

Winner Best of Tech Ed 2013 (SharePoint)



Does VIS support Kerberos and/or NTLM/Negotiate authentications?

faq-imageYes, VIS supports Kerberos, NTLM and Negotiate as authentication options on both the listing side as well as the back-end connection sides.

Can I get a demo/evaluation version of VIS?

Yes. Please fill out a demo form with your contact information.

What data stores can the Virtual Identity Server connect to?

The Virtual Identity Server supports a number of data stores directly with out of the box adapters. Additionally, a customer or integrator can create adapters utilizing our built-in extensibility.

Is your product FIPS compliant?

Yes. Our software is running in both non-secure and secure government networks.