Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles
Handling of SharePoint Online objects in the Web Portal Basic data for managing a SharePoint Online environment Configuration parameters for managing SharePoint Online Default project template for SharePoint Online Editing system objects About us

Customizing the synchronization configuration

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of a SharePoint Online tenant, you can use the synchronization project to load SharePoint Online site collections into the One Identity Manager database. If you manage sites, users, and groups with One Identity Manager, the changes are provisioned to the SharePoint Online tenant.

Adjust the synchronization configuration in order to compare the One Identity Manager database with the SharePoint Online tenant on a regular basis and to synchronize changes.

  • To use One Identity Manager as the master system during synchronization, create a workflow with synchronization in the direction of the Target system.

  • To specify which SharePoint Online objects and One Identity Manager database objects are included in the synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

  • You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing methods, for example.
  • Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

  • To synchronize additional schema properties, update the schema in the synchronization project. Include the schema extensions in the mapping.

  • Add your own schema types if you want to synchronize data, which does not have schema types in the connector schema. Include the schema extensions in the mapping.

For more detailed information about configuring synchronization, see the One Identity Manager Target System Synchronization Reference Guide.

Detailed information about this topic

Configuring synchronization with SharePoint Online tenants

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the master system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing SharePoint Online

  1. Open the synchronization project in the Synchronization Editor.

  2. Check whether existing mappings can be used for synchronizing the target system. Create new maps if required.
  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its synchronization direction.

  4. Create a new start up configuration. Use the new workflow to do this.
  5. Save the changes.

  6. Run a consistency check.

Updating schemas

All the schema data (schema types and schema properties) of the target system schema and the One Identity Manager schema are available when you are editing a synchronization project. Only a part of this data is really needed for configuring synchronization. If a synchronization project is finished, the schema is compressed to remove unnecessary data from the synchronization project. This can speed up the loading of the synchronization project. Deleted schema data can be added to the synchronization configuration again at a later point.

If the target system schema or the One Identity Manager schema has changed, these changes must also be added to the synchronization configuration. Then the changes can be added to the schema property mapping.

To include schema data that have been deleted through compression and schema modifications in the synchronization project, update each schema in the synchronization project. This may be necessary if:

  • A schema was changed by:

    • Changes to a target system schema

    • Customizations to the One Identity Manager schema

    • A One Identity Manager update migration

  • A schema in the synchronization project was shrunk by:

    • Enabling the synchronization project

    • Saving the synchronization project for the first time

    • Compressing a schema

To update a system connection schema

  1. Select the Configuration | Target system category.

    - OR -

    Select the Configuration | One Identity Manager connection category.

  2. Select the General view and click Update schema.

  3. Confirm the security prompt with Yes.

    This reloads the schema data.

To edit a mapping

  1. Select the Mappings category.

  2. Select a mapping in the navigation view.

    Opens the Mapping Editor. For more detailed information about mappings, see the One Identity Manager Target System Synchronization Reference Guide.

NOTE: The synchronization is deactivated if the schema of an activated synchronization project is updated. Reactivate the synchronization project to synchronize.

Configuring the provisioning of memberships

Memberships, such as user accounts in groups, are saved in assignment tables in the One Identity Manager database. During provisioning of modified memberships, changes made in the target system may be overwritten. This behavior can occur under the following conditions:

  • Memberships are saved in the target system as an object property in list form (Example: List of user accounts in the Members property of a SharePoint Onlinegroup).

  • Memberships can be modified in either of the connected systems.

  • A provisioning workflow and provisioning processes are set up.

If one membership in One Identity Manager changes, by default, the complete list of members is transferred to the target system. Therefore, memberships that were previously added to the target system are removed in the process and previously deleted memberships are added again.

To prevent this, provisioning can be configured such that only the modified membership is provisioned in the target system. The corresponding behavior is configured separately for each assignment table.

To allow separate provisioning of memberships

  1. In the Manager, select the SharePoint Online | Basic configuration data | Target system types category.

  2. Select SharePoint Online in the result list.

  3. Select the Configure tables for publishing task.

  4. Select the assignment tables that you want to set up for single provisioning. Multi-select is possible.

    • This option can only be enabled for assignment tables that have a base table with XDateSubItem or CCC_XDateSubItem column.

    • Assignment tables that are grouped together in a virtual schema property in the mapping must be marked identically.

  5. Click Merge mode.

  6. Save the changes.

For each assignment table labeled like this, the changes made in One Identity Manager are saved in a separate table. During modification provisioning, the members list in the target system is compared to the entries in this table. This means that only modified memberships are provisioned and not the entire members list.

NOTE: The complete members list is updated by synchronization. During this process, objects with changes but incomplete provisioning are not handled. These objects are logged in the synchronization log.

You can restrict single provisioning of memberships with a condition. Once merge mode has been disabled for a table, the condition is deleted. Tables that have had the condition deleted or edited are marked with the following icon: . You can restore the original condition at any time.

To restore the default condition

  1. Select the auxiliary table for which you want to restore the condition.

  2. Right-click on the selected row and select the Restore original values context menu item.
  3. Save the changes.

For more detailed information about provisioning memberships, see the One Identity Manager Target System Synchronization Reference Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating