In One Identity Manager, SharePoint Online entitlements can be assigned directly or indirectly to employees.
In the case of indirect assignment, employees, and entitlements are organized in hierarchical roles. The number of entitlements assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If the employee has a SharePoint Online user account, the entitlements are assigned to this user account.
Entitlements can also be assigned to employees through IT Shop requests. To enable the assignment of entitlements using IT Shop requests, employees are added as customers in a shop. All entitlements assigned to this shop as products can be requested by the customers. After approval is granted, requested entitlements are assigned to the employees.
You can use system roles to group entitlements together and assign them to employees as a package. You can create system roles that contain only SharePoint Online entitlements. System entitlements from different target systems can also be grouped together in a system role.
To react quickly to special requests, you can also assign the entitlements directly to user accounts.
Prerequisites
- 
The assignment of employees, SharePoint Online roles, and SharePoint Online groups is permitted for departments, cost centers, locations, or business roles. NOTE: If a SharePoint Online role refers to a permission level for which the Hidden option is set, no business roles and organizations can be assigned. These SharePoint Online roles can be neither directly nor indirectly assigned to user accounts or groups.
- Group authenticated is not set in the user accounts.
- User accounts are marked with the Groups can be inherited option.
- User accounts and SharePoint Online entitlements belong to the same site collection.
For detailed information see the following guides:
| Theme | Guide | 
|---|---|
| Inheritance of company resources | One Identity Manager Identity Management Base Module Administration Guide One Identity Manager Business Roles Administration Guide | 
| Assigning company resources through IT Shop requests | One Identity Manager IT Shop Administration Guide | 
| System roles | One Identity Manager System Roles Administration Guide | 
Detailed information about this topic
- Assigning SharePoint Online entitlements to departments, cost centers, and locations
- Assigning SharePoint Online entitlements to business roles
- Assigning SharePoint Online user accounts directly to an entitlement
- Adding SharePoint Online entitlements to system roles
- Adding SharePoint Online entitlements to the IT Shop
- Assigning SharePoint Online entitlements directly to a user account
- Assigning SharePoint Online roles to SharePoint Online groups
