Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to SharePoint

Managing SharePoint Environments Setting Up SharePoint Farm Synchronization Basic Data for Managing SharePoint SharePoint Farms SharePoint Web Applications SharePointSite Collections and Sites SharePoint User Accounts SharePoint Roles and Groups
SharePoint Groups SharePoint Roles and Permission Levels
Permissions for SharePoint Web Applications Reports about SharePoint Site Collections Appendix: Configuration Parameters for Managing SharePoint Appendix: Default Project Template for SharePoint

Special Synchronization Cases for Valid Permissions

Special Synchronization Cases for Valid Permissions

Valid permissions are mapped in the One Identity Manager database in the table SPSWebAppHasPermission; assignments of valid permissions to permission levels are mapped in the table SPSRoleHasSPSPermission.

If you remove permissions from the list of valid permissions for a web application in SharePoint, the permissions cannot be assigned to permission levels within the web application from this point on. Assignments to permission levels that already exist for these permissions remain intact but are not active. These permissions are deleted from the table SPSWebAppHasPermission during synchronization. Assignments to permission levels that already exist for these permissions are not changed. Inactive permissions are displayed in the permission levels' overview.

Related Topics

Show Synchronization Results

Show Synchronization Results

SynchronizationClosed results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

  1. Open the synchronization project in the Synchronization EditorClosed.
  2. Select the category Logs.
  3. Click in the navigation view toolbar.

    Logs for all completed synchronization runs are displayed in the navigation view.

  4. Select a log by double-clicking on it.

    An analysis of the synchronization is shown as a report. You can save the report.

To display a provisioning log.

  1. Open the synchronization project in the Synchronization Editor.
  2. Select the category Logs.
  3. Click in the navigation view toolbar.

    Logs for all completed provisioning processes are displayed in the navigation view.

  4. Select a log by double-clicking on it.

    An analysis of the provisioning is show as a report. You can save the report.

The log is marked in color in the navigation view. This mark shows you the execution status of the synchronization/provisioning.

Synchronization logs are stored for a fixed length of time. The retention period is set in the configuration parameter "DPR\Journal\LifeTime" and its sub parameters.

To modify the retention period for synchronization logs

  • Set the configuration parameter "Common\Journal\LifeTime" in the Designer and enter the maximum retention time for entries in the database journal. Use the configuration sub parameters to specify the retention period for each warning level.
  • If there is a large amount of data, you can specify the number of objects to delete per DBQueue Processor operation and run in order to improve performance. Use the configuration parameters "Common\Journal\Delete\BulkCount" and "Common\Journal\Delete\TotalCount" to do this.
  • Configure and set the schedule "Delete journal" in the Designer.

Customizing Synchronization Configuration

Customizing Synchronization Configuration

You have used the Synchronization EditorClosed to set up a synchronization project for initial synchronization of a SharePoint farm. You can use this synchronization project to load SharePoint objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the SharePoint environment.

You must customize the synchronization configuration in order to compare the SharePoint database with the regularly and to synchronize changes.

  • Create a workflow with the direction of synchronization "target system" to use One Identity Manager as the master system for synchronization.
  • You can use variables to create generally applicable synchronization configurations which contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes or processing methods, for example.
  • Use variables to set up a synchronization project which can be used for several different farms. Store a connection parameter as a variable for logging in to the farms.
  • To specify which SharePoint objects and database object are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.
  • Update the schema in the synchronization project, if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

IMPORTANT: As long as synchronization is running, you must not start another synchronization for the same target system. This applies especially, if the same synchronization objects would be processed.

  • The moment another synchronization is started with the same start up configuration, the running synchronization process is stopped and given the status, "Frozen". An error message is written to the One Identity Manager Service log file.
  • If another synchronization is started with another start up configuration, that addresses same target system, it may lead to synchronization error or loss of data. Plan your start times carefully. If possible, specify your start times so that synchronization does not overlap.
Detailed information about this topic
  • How to Configure SharePoint Synchronization
  • Configuring Synchronization of Several SharePoint Farms
  • Updating Schemas
  • One Identity Manager Target SystemClosed SynchronizationClosed Reference Guide

How to Configure SharePoint Synchronization

How to Configure SharePoint Synchronization

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). You also require a workflow with synchronization in the direction of the "target system" to use One Identity Manager as the master system for synchronization.

To create a synchronization configuration for synchronizing SharePoint farms

  1. Open the synchronization project in the Synchronization EditorClosed.

    TIP: You can start the SynchronizationClosed Editor on any server to modify an existing synchronization project. Set up a remote connection to communicate with farm servers.
  2. Check whether existing mappings can be used for synchronizing the target system. Create new maps if required.
  3. Create a new workflow with the workflow wizard.

    This adds a workflow for synchronizing in the direction of the target system.

  4. Create a new start up configuration. Use the new workflow to do this.
  5. Save the changes.
  6. Run a consistency check.

Detailed information about this topic
Related Documents