Site collections and sites are loaded into the One Identity Manager database through synchronization in the default installation of One Identity Manager. You can add new site collections and site in the One Identity Manager and publish them in the SharePoint Online target system. Predefined scripts and processes are provided for this purpose. You can use these as templates to make the site collections and sites requestable through the IT Shop.

NOTE: Customize these scripts and processes as required.

Table 29: Example scripts and processes
Script/Process	Description
Script O3S_CreateO3SSite	Creates a new site collection and the associate root site in the One Identity Manager database. Creates a user account that is entered as site collection administrator or root site author. NOTE: Enter a valid SharePoint Online time zone value for the UID_DialogTimeZone parameter. If the time zone is invalid, UTC is used. You will find a list of permitted time zones in the script commentary.
Script O3S_CreateO3SWeb	Creates a new site within a site collection in the One Identity Manager database.
Process O3S_O3SWeb_(De-)Provision	Creates a new site within a site collection. The process is triggered by the PROVISION event if the site in the One Identity Manager database is not labeled as the root site. Deletes a site. The process is triggered by the DEPROVISION event if the site in the One Identity Manager database is not labeled as the root site.
Process O3S_O3SSite_(De-)Provision	Creates a new site collection in a web application and the associated root site. The process is triggered by the PROVISION event. Deletes a site collection in a web application and the associated root site. The process is triggered by the DEPROVISION event.

The following step are required in additions:

Define a requestable product through which the site collection/site is requested from the IT Shop.
Define product properties that are mapped to the script parameter (for example, URL or site template). You must include these product properties when the site collection/site is requested.
Create a process for the PersonWantsOrg table that is started when the request is approved (event OrderGranted). This process call the matching script and sets the parameter values with the defined product properties you have defined. Then the site collection/site is added to the One Identity Manager database.
To add a new site collection to an existing synchronization project, extend the scope of the target system connection in the synchronization project if necessary.

If the Legacy authentication type was selected for the SharePoint Online connection, the scope can only include site collections in which the applicable synchronization user is entered as the site collection administrator in the SharePoint Online administration interface.

If the scope is not correctly set up, site collections cannot be loaded and synchronization is stopped.
Extending the scope
To edit site collections in the scope of a SharePoint Online synchronization project
1. Open the Synchronization Editor.
2. Select the Configuration > Target system category.
3. Select the Scope view.
4. Click Edit scope. A list of site collections appears on the right-hand side.
5. Activate the site collections to synchronize.
  
  In the list, select only the site collections for which the synchronization user is the same as the administrator in SharePoint Online.
6. Click Commit to database to save the changes.

For more information about the IT Shop, see the One Identity Manager IT Shop Administration Guide. For more information about defining processes, see the One Identity Manager Configuration Guide.

Reports about SharePoint Online objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for SharePoint Online.

NOTE: Other sections may be available depending on the which modules are installed.

Table 30: Data quality target system report
Report	Published for	Description
Show overview	User account	This report shows an overview of the user account and the assigned permissions.
Show overview including origin	User account	This report shows an overview of the user account and origin of the assigned permissions.
Show overview including history	User account	This report shows an overview of the user accounts including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.
Overview of all assignments	group Role	This report finds all roles containing identities who have the selected system entitlement.
Show overview	group Role	This report shows an overview of the system entitlement and its assignments.
Show overview including origin	group Role	This report shows an overview of the system entitlement and origin of the assigned user accounts.
Show overview including history	group Role	This report shows an overview of the system entitlement and including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.
Show user accounts overview (incl. history)	Site collection Site	This report returns all the user accounts with their permissions including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.
Show system entitlements overview (incl. history)	Site collection Site	This report shows the system entitlements with the assigned user accounts including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date, are not shown in the report.
Overview of all assignments	Site collection Tenant	This report finds all roles containing identities with at least one user account in the selected target system.

Handling of SharePoint Online objects in the Web Portal

One Identity Manager enables its users to perform various tasks simply using a Web Portal.

Managing user accounts and identities

An account definition can be requested by shop customers in the Web Portal if it is assigned to an IT Shop shelf. The request undergoes a defined approval process. The user account is not created until it has been agreed by an authorized identity, such as a manager.
Managing entitlement assignments

When an entitlement is assigned to an IT Shop shelf, the entitlement can be requested by the customer in the Web Portal. The request undergoes a defined approval process. The entitlement is not assigned until it has been approved by an authorized identity.

In the Web Portal, managers and administrators of organizations can assign entitlements to the departments, cost centers, or locations for which they are responsible. The entitlements are inherited by all persons who are members of these departments, cost centers, or locations.

If the Business Roles Module is available, managers and administrators of business roles in the Web Portal can assign entitlements to the business roles for which they are responsible. The entitlements are inherited by all persons who are members of these business roles.

If the System Roles Module is available, supervisors of system roles in the Web Portal can assign entitlements to the system roles. The entitlements are inherited by all persons to whom these system roles are assigned.
Attestation

To enable this, attestation policies are configured in the Manager. The attestors use the Web Portal to approve attestation cases.
Governance administration

The rules are checked regularly, and if changes are made to the objects in One Identity Manager. Compliance rules are defined in the Manager. Supervisors use the Web Portal to check rule violations and to grant exception approvals.

If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in the Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.
Risk assessment

You can use the risk index of entitlements to evaluate the risk of entitlement assignments for the company.One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.
Reports and statistics

The Web Portal provides a range of reports and statistics about the identities, user accounts, and their entitlements and risks.

For more information about the named topics, refer to the following guides:

One Identity Manager Web Designer Web Portal User Guide
One Identity Manager Attestation Administration Guide
One Identity Manager Compliance Rules Administration Guide
One Identity Manager Company Policies Administration Guide
One Identity Manager Risk Assessment Administration Guide

Basic data for managing a SharePoint Online environment

To manage SharePoint Online in One Identity Manager, the following basic data is relevant.

Authentication modes

Authentication mode used for logging in on the SharePoint Online server with this user account. For SharePoint Online, AzureAD is the only authentication mode.

For more information, see SharePoint Online authentication modes.
Target system types

Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types and settings are configured for provisioning memberships and single objects synchronization. Target system types also map objects in the Unified Namespace.

For more information, see Post-processing outstanding objects.
Account definitions

One Identity Manager has account definitions for automatically allocating user accounts to identities. You can create account definitions for every target system. If an identity does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an identity.

For more information, see Account definitions for SharePoint Online user accounts.
Server

In order to handle target system specific processes in One Identity Manager, the synchronization server and its server functionality must be declared.

For more information, see Job server for SharePoint Online-specific process handling.
Target system managers

A default application role exists for the target system manager in One Identity Manager. Assign identities to this application role who have permission to edit all tenants in One Identity Manager.

Define additional application roles if you want to limit the permissions for target system managers to individual tenants. The application roles must be added under the default application role.

For more information, see Target system managers.

Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação

Selecione seu produto:

Para podermos atendê-lo melhor, informe o Propósito de seu chat:

Soluções recomendadas para seu problema

Identity Manager 9.2 - Administration Guide for Connecting to SharePoint Online

Setting up SharePoint Online site collections and sites

Related topics

Reports about SharePoint Online objects

Handling of SharePoint Online objects in the Web Portal

Basic data for managing a SharePoint Online environment