Is it possible to have a SAML/ADFS 'User Account' assigned permissions within the SharePoint 2013 Site Collection Users and Permissions section (either within a SharePoint Group or explicitly)? I.e. Can I add a 'user' from an ADFS3.0 claim into, say, the Site Visitors SharePoint Group?
Looking at technet instructions, this used to be possible with ADFS2.0 and SharePoint 2010, but now you have to assign the 'user' rights at the Web Application level (via Central Admin), and within the 'User Roles' for that Web App!?!?!?
Has anyone deployed ADFS3 with SP2013 and been able to use Authorisation within the Site Collection at all?
Thanks
Phil