AuthProviderTypeChangeEnabled – Preventing migrations in User Profile Synchronization

There is new logic in the User Profile Service Application that prevents user migration between authentication providers. This means profiles no longer migrate from Windows to Trusted Identity Provider (or the reverse) during User Profile Sync.

This is only available for SharePoint Subscription Edition (SE) and for SharePoint 2019 with the February 2023 CU.

AuthProviderTypeChangeEnabled is set to false out of the box. If you have Windows user profiles and want to sync them as SAML, the sync will not happen for those profiles. During the sync, the ULS log shows the following entry:

05/27/2023 07:08:09.17        OWSTIMER.EXE (0x3094)        0x4C64        SharePoint Portal Server        User Profiles        4ytvv        High        Trying to migrate account from ‘contoso\User1’ to ‘i:0e.t|ContosoAdfs|user1@contoso.com’, which is not allowed because the authentication provider type is changed.        e56b4303-927d-43eb-a9ac-8f47d92fe65c

To change the property to true, set it on the UPA's proxy object:

# Locate the User Profile Service Application proxy (the property lives on the proxy, not the service application)
$upaproxy = Get-SPServiceApplicationProxy | ? {$_.TypeName -eq "User Profile Service Application Proxy"}
# Allow profiles to migrate between authentication provider types during the next sync
$upaproxy.AuthProviderTypeChangeEnabled = $true
# Persist the change
$upaproxy.Update()

I would suggest running the sync and flipping the property back to $false to prevent migrations.
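As an added example (not from the original post), the following Python parses ULS entries like the one shown above and groups the blocked migrations by source and target authentication provider, so the scope of a pending migration can be reviewed before the property is flipped to true. The sample log lines are constructed (the first is the entry above re-tabbed); the claims prefixes are SharePoint's standard claims encoding.

```python
import re
from collections import namedtuple
from typing import Dict, Iterable, List, Optional, Tuple

BLOCKED_EVENT_ID = "4ytvv"  # event id of the "Trying to migrate account ... not allowed" entry above

# Standard SharePoint claims-encoding prefixes of the identity claim.
CLAIM_PREFIXES = {"i:0#.w|": "Windows (claims)",
                  "i:0e.t|": "Trusted Identity Provider (e-mail claim)",
                  "i:0#.f|": "Forms-based authentication"}
LEGACY_WINDOWS = re.compile(r"^[^\\|]+\\[^\\|]+$")  # DOMAIN\user, as in the source account above
FIELD_SEP = re.compile(r"\t|\s{2,}")               # tabs in ULS files, runs of spaces when pasted
ACCOUNTS = re.compile(r"from [‘'](?P<src>[^’']+)[’'] to [‘'](?P<dst>[^’']+)[’']")
BlockedMigration = namedtuple("BlockedMigration", "timestamp correlation source target")

def provider_of(account: str) -> str:
    """Classify an account by its claims prefix or legacy DOMAIN\\user form."""
    for prefix, name in CLAIM_PREFIXES.items():
        if account.startswith(prefix):
            return name
    return "Windows (legacy account name)" if LEGACY_WINDOWS.match(account) else "unknown"

def parse_uls_line(line: str) -> Optional[BlockedMigration]:
    """Return a BlockedMigration for a 4ytvv line, None for any other line."""
    # ULS columns: Timestamp, Process, TID, Area, Category, EventID, Level, Message, Correlation
    fields = FIELD_SEP.split(line.strip())
    if len(fields) < 9 or fields[5] != BLOCKED_EVENT_ID:
        return None
    m = ACCOUNTS.search(fields[7])
    return BlockedMigration(fields[0], fields[8], m["src"], m["dst"]) if m else None

def summarize(lines: Iterable[str]) -> Dict[Tuple[str, str], List[BlockedMigration]]:
    """Group blocked migrations by (source provider, target provider)."""
    groups: Dict[Tuple[str, str], List[BlockedMigration]] = {}
    for entry in filter(None, map(parse_uls_line, lines)):
        groups.setdefault((provider_of(entry.source), provider_of(entry.target)), []).append(entry)
    return groups

# Constructed sample: the page's entry re-tabbed, one unrelated entry, and a second blocked user.
SAMPLE_LOG = [
    "05/27/2023 07:08:09.17\tOWSTIMER.EXE (0x3094)\t0x4C64\tSharePoint Portal Server\tUser Profiles\t4ytvv\tHigh\t"
    "Trying to migrate account from ‘contoso\\User1’ to ‘i:0e.t|ContosoAdfs|user1@contoso.com’, "
    "which is not allowed because the authentication provider type is changed.\te56b4303-927d-43eb-a9ac-8f47d92fe65c",
    "05/27/2023 07:08:10.02\tOWSTIMER.EXE (0x3094)\t0x4C64\tSharePoint Portal Server\tUser Profiles\tzzzzz\tMedium\t"
    "Constructed unrelated entry.\t00000000-0000-0000-0000-000000000001",
    "05/27/2023 07:08:11.40\tOWSTIMER.EXE (0x3094)\t0x4C64\tSharePoint Portal Server\tUser Profiles\t4ytvv\tHigh\t"
    "Trying to migrate account from 'contoso\\User2' to 'i:0e.t|ContosoAdfs|user2@contoso.com', "
    "which is not allowed because the authentication provider type is changed.\t00000000-0000-0000-0000-000000000002",
]
```

Feed it the lines of a ULS log file (or entries exported from the farm) and inspect the resulting groups; an unexpected provider pair or an unexpected account is a reason to leave the property at false.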
