Identity Manager 8.1 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles
Handling of SharePoint Online objects in Web Portal Basic data for managing a SharePoint Online environment Appendix: Configuration parameters for managing SharePoint Online Appendix: Default project template for SharePoint Online Appendix: Editing system objects About us

Assigning account definitions directly to employees

To assign an account definition directly to employees

  1. In the Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list.

  3. Select Assign to employees.

  4. Assign employees in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of employees.

    To remove an assignment

    • Select the employee and double click .
  5. Save the changes.
Related Topics

Assigning account definitions to system roles

Installed modules: System Roles Module

NOTE: Account definitions with Only use in IT Shop can only be assigned to system roles that also have this option set.

To add account definitions to a system role

  1. In the Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions.

  2. Select an account definition in the result list.
  3. Select Assign system roles.
  4. Assign system roles in Add assignments.

    TIP: In the Remove assignments area, you can remove the assignment of system roles.

    To remove an assignment

    • Select the system role and double click .

  5. Save the changes.
Related Topics

Adding account definitions in the IT Shop

A account definition can be requested by shop customers when it is assigned to an IT Shop shelf. To ensure it can be requested, further prerequisites need to be guaranteed.

  • The account definition must be labeled with the IT Shop option.

  • The account definition must be assigned to a service item.

    TIP: In Web Portal, all products that can be requested are grouped together by service category. To make the account definition easier to find in Web Portal, assign a service category to the service item.

  • If the account definition is only assigned to employees using IT Shop assignments, you must also set Only for use in IT Shop. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign account definitions to IT Shop shelves if login is role-based. Target system administrators are not authorized to add account definitions in the IT Shop.

To add an account definition to the IT Shop

  1. In Manager, select SharePoint Online | Basic configuration data | Account definitions | Account definitions (non-role-based login).

    - OR -

    In Manager, select Entitlements | Account definitions (role-based login).

  2. Select an account definition in the result list.
  3. Select Add to IT Shop.
  4. Assign the account definitions to the IT Shop shelves in Add assignments.
  5. Save the changes.

To remove an account definition from individual IT Shop shelves

  1. In Manager, select SharePoint Online| Basic configuration data | Account definitions | Account definitions (non-role-based login).

    - OR -

    In Manager, select Entitlements | Account definitions (role-based login).

  2. Select an account definition in the result list.
  3. Select Add to IT Shop.
  4. Remove the account definitions from the IT Shop shelves in Remove assignments.
  5. Save the changes.

To remove an account definition from all IT Shop shelves

  1. In Manager, select SharePoint Online| Basic configuration data | Account definitions | Account definitions(non-role-based login).

    - OR -

    In Manager, select Entitlements | Account definitions (role-based login).

  2. Select an account definition in the result list.
  3. Select Remove from all shelves (IT Shop).
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The account definition is removed from all shelves by One Identity Manager Service. All requests and assignment requests with this account definition are canceled in the process.

For detailed information about requesting company resources through IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related Topics

Assigning account definitions to target systems

The following prerequisites must be fulfilled if you implement automatic assignment of user accounts and employees resulting in administered user accounts (state Linked configured):

  • The account definition is assigned to the target system.

  • The account definition has the default manage level.

User accounts are only linked to the employee (Linked) if no account definition is given. This is the case on initial synchronization, for example.

To assign the account definition to a target system

  1. In Manager, select the site collection in SharePoint Online | Site collections.

  2. Select Change master data.
  3. Select the account definition for user accounts from Account definition (initial).

  4. Save the changes.
Related Topics
Related Documents