One Identity Manager supports synchronization with SharePoint Online. One Identity Manager is responsible for synchronizing data between the SharePoint Online database and the One Identity Manager Service.
This sections explains:
TIP: Before you set up synchronization with a SharePoint Online, familiarize yourself with the Synchronization Editor. For detailed information about this tool, see the One Identity Manager Target System Synchronization Reference Guide.
The Synchronization Editor provides a project template that can be used to set up the synchronization of user accounts and permissions for the SharePoint Online environment. You use these project templates to create synchronization projects with which you import the data from a SharePoint Online into your One Identity Manager database. In addition, the required processes are created that are used for the provisioning of changes to target system objects from the One Identity Manager database into the target system.
To load objects from a SharePoint Online environment into the One Identity Manager database for the first time
Prepare a user account in the Azure Active Directory tenant with sufficient permissions for synchronization. The Azure Active Directory tenant must be known in the One Identity Manager system.
The One Identity Manager components for managing SharePoint Online systems are available if the configuration parameter TargetSystem | SharePointOnline is set.
Check whether the configuration parameter is set in the Designer. Otherwise, set the configuration parameter and compile the database.
Other configuration parameters are installed when the module is installed. Check the configuration parameters and modify them as necessary to suit your requirements.
The following users are involved in synchronizing One Identity Manager with SharePoint Online.
|User for accessing SharePoint Online||
For full synchronization of SharePoint Online objects with the supplied One Identity Manager default configuration, you must provide a user account with the minimum required permissions. The following is required:
For more information, see How to prepare the synchronization user.
One Identity Manager Service user account
The user account for One Identity Manager Service requires rights to carry out operations at file level, for example, assigning user rights and creating and editing directories and files.
The user account must belong to the Domain users group.
The user account must have the Login as a service extended user right
The user account requires access rights to the internal web service.
The user account needs full access to the One Identity Manager installation directory in order to automatically update One Identity Manager Service.
In the default installation the One Identity Manager is installed under:
|User for accessing the One Identity Manager database||
The Synchronization default system user is provided for executing synchronization with an application server.
To provide a user with all required permissions for access to SharePoint Online, you must enter the user account for synchronization as administrator in all site collections to be synchronized. To enable this, an administrative user account of the corresponding Azure Active Directory organization must be determined.
During initial setup of the system connection for SharePoint Online synchronization with the Synchronization Editor, the synchronization user must be at least one of the following administrators:
When you initially set up the system connection for SharePoint Online synchronization using the Synchronization Editor, the synchronization user must be one of the administrators of the site collection to be managed in SharePoint Online or an Azure Active Directory organization administrator.
For information about how to determine the name of the Azure Active Directory organization and how to create a synchronization user using the Microsoft online portal, see the Azure Active Directory documentation from Microsoft.