Chat now with support
Chat with Support

Identity Manager 8.1 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles
Handling of SharePoint Online objects in Web Portal Basic data for managing a SharePoint Online environment Appendix: Configuration parameters for managing SharePoint Online Appendix: Default project template for SharePoint Online Appendix: Editing system objects About us

Managing user accounts through account definitions

Following a synchronization, employees are automatically assigned in the default installation. If an account definition for the site collection is not yet known at the time of synchronization, user accounts are linked with employees. However, account definitions are not assigned. The user accounts are therefore in a Linked state.

To manage the user accounts using account definitions, assign an account definition and a manage level to these user accounts.

Detailed information about this topic

Troubleshooting

Synchronization Editor helps you to analyze and eliminate synchronization errors.

  • Simulating Synchronization

    The simulation allows you to estimate the result of synchronization. This means you can, for example, recognize potential errors in the synchronization configuration.

  • Analyzing synchronization

    You can generate the synchronization analysis report for analyzing problems which occur during synchronization, for example, insufficient performance.

  • Logging messages

    The One Identity Manager offers different options for logging errors. These include the synchronization log, the log file for One Identity Manager Service, the logging of messages with NLOG, and similar.

  • Reset start information

    If synchronization was terminated unexpectedly, for example, because a server was not available, the start information must be reset manually. Only then can the synchronization be restarted.

For more information about these topics, see the One Identity Manager Target System Synchronization Reference Guide.

Related Topics

Managing SharePoint Online user accounts and employees

The central component of One Identity Manager is to map employees and their master data with permissions through which they have control over different target systems. For this purpose, information about user accounts and permissions can be read from the target system into the One Identity Manager database and linked to employees. This gives an overview of the permissions for each employees in all of the connected target systems. One Identity Manager provides the possibility to manage user accounts and their permissions. You can provision modifications in the target systems. Employees are supplied with the necessary permissions in the connected target systems according to their function in the company. Regular synchronization keeps data consistent between target systems and the One Identity Manager database.

Because requirements vary between companies, One Identity Manager offers different methods for supplying user accounts to employees. One Identity Manager supports the following method for linking employees and their user accounts.

  • Employees can automatically obtain their account definitions using user account resources. If an employee does not yet have a user account in a tenant, a new user account is created. This is done by assigning account definitions to an employee using the integrated inheritance mechanism and subsequent process handling.

    When you manage account definitions through user accounts, you can specify the way user accounts behave when employees are enabled or deleted.

  • When user accounts are inserted, they can be automatically assigned to an existing employee. This mechanism can be implemented if a new user account is created manually or by synchronization. However, this procedure is not the default procedure for One Identity Manager. Define criteria for finding employees for automatic employee assignment.
  • Employees and user accounts can be entered manually and assigned to each other.

For detailed information about employee handling and administration, see the One Identity Manager Target System Base Module Administration Guide.

Related Topics

Account definitions for SharePoint Online user accounts

One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

Specify the manage level for an account definition for managing user accounts. The user account’s manage level specifies the extent of the employee’s properties that are inherited by the user account. This allows an employee to have several user accounts in one target system, for example:

  • Default user account that inherits all properties from the employee
  • Administrative user account that is associated to an employee but should not inherit the properties from the employee.

For more detailed information about the principles of account definitions, manage levels, and determining the valid IT operating data, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

  • Creating account definitions

  • Configuring manage levels

  • Creating the formatting rules for IT operating data

  • Determining IT Operating Data

  • Assigning account definitions to employees and target systems

Detailed information about this topic
Related Documents