Identity Manager 8.1 - Administration Guide for Connecting to SharePoint Online


Configuring single object synchronization

Changes made to individual objects in the target system can be applied immediately in the One Identity Manager database without starting a full synchronization of the target system environment. Individual objects can only be synchronized if the object is already present in the One Identity Manager database. The changes are applied to the mapped object properties. If a member list belongs to one of these properties, then the entries in the allocation table will also be updated. If the object is no longer present in the target system, then it is deleted from the One Identity Manager database.

Prerequisites
  • A synchronization step exists that can import the changes to the changed object into One Identity Manager.

  • The path to the base object of the synchronization is defined for the table that contains the changed object.

Single object synchronization is fully configured for synchronization projects created using the default project template. If you want to incorporate custom tables into this type of synchronization project, you must configure single object synchronization for these tables. For detailed information, see the One Identity Manager Target System Synchronization Reference Guide.

To define the path to the base object for synchronization for a custom table

  1. In the Manager, select SharePoint Online | Basic configuration data | Target system types.

  2. In the result list, select the target system type SharePoint Online.

  3. Select Assign synchronization tables.

  4. In Add assignments, assign the custom table for which you want to use single object synchronization.

  5. Save the changes.
  6. Select Configure tables for publishing.

  7. Select the custom table and enter the Root object path.

    Enter the path to the base object in the ObjectWalker notation of the VI.DB.

    Example: FK(UID_O3STenant).XObjectKey

  8. Save the changes.

SharePoint Online synchronization features

There are a number of features for synchronizing SharePoint Online environments, which are described here.

Multiple organizations are not supported

By default there is only one Azure Active Directory tenant per synchronization project. This tenant corresponds to the organization for logging in to Microsoft Office 365.

Target system schema

The target system schema in One Identity Manager cannot be extended.

Target system scope settings

After you have set up the synchronization project, you must adjust the setting for the target system scope in Synchronization Editor.

The scope should only include site collections in which the applicable synchronization user is entered in the SharePoint Online administration interface as the site collection administrator. There is no default user in SharePoint Online.

If the scope is not correctly set up, site collections cannot be loaded and synchronization is stopped.

To exclude site collections from the scope of a SharePoint Online synchronization project

  1. Open the Synchronization Editor.
  2. Select the category Configuration | Target systems.
  3. Select the Scope view.
  4. Click Edit scope. A list of site collections appears on the right-hand side.
  5. In the list, select only the site collections for which the synchronization user is the same as the administrator in SharePoint Online.
  6. Click Commit to database to save your changes.

Executing a synchronization

Synchronization is started using scheduled process plans. It is possible to start synchronization manually in the Synchronization Editor. You can simulate synchronization beforehand to estimate synchronization results and discover errors in the synchronization configuration. If synchronization was terminated unexpectedly, you must reset the start information to be able to restart synchronization.

Before you execute synchronization of the SharePoint Online environments, the Azure Active Directory environment in One Identity Manager must have the latest status.

NOTE: Perform regular synchronizations of the Azure Active Directory environment. Synchronization must take place in the following order:

  1. Azure Active Directory
  2. SharePoint Online


Starting synchronizations

When setting up the initial synchronization project using the Launchpad, a default schedule for regular synchronizations is created and assigned. To execute regular synchronizations, activate this schedule.

To synchronize on a regular basis

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the category Configuration | Start up configurations.
  3. Select a start up configuration in the document view and click Edit schedule.
  4. Edit the schedule properties.
  5. To enable the schedule, click Activate.
  6. Click OK.

You can also start synchronization manually if there is no active schedule.

To start initial synchronization manually

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the category Configuration | Start up configurations.

  3. Select a start up configuration in the document view and click Execute.

  4. Confirm the security prompt with Yes.

IMPORTANT: As long as synchronization is running, you must not start another synchronization for the same target system. This applies especially if the same synchronization objects would be processed.

  • If another synchronization is started with the same start up configuration, this process is stopped and is assigned the Frozen execution status. An error message is written to the One Identity Manager Service log file.

  • If another synchronization is started with another start up configuration that addresses the same target system, it may lead to synchronization errors or loss of data. Specify how One Identity Manager behaves in this case in the start up configuration. Group start up configurations with the same start up behavior.
