Chat now with support
Chat with Support

Identity Manager 8.2.1 - Administration Guide for Connecting to SharePoint Online

Mapping a SharePoint Online environment in One Identity Manager Synchronizing a SharePoint Online environment
Setting up initial synchronization with a SharePoint Online tenant SharePoint Online synchronization features Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing SharePoint Online user accounts and employees Managing the assignments of SharePoint Online groups and roles Mapping of SharePoint Online objects in One Identity Manager
SharePoint Online tenants SharePoint Online user accounts SharePoint Online groups SharePoint Online permission levels SharePoint Online site collections SharePoint Online sites SharePoint Online roles Setting up SharePoint Online site collections and sites Reports about SharePoint Online objects
Handling of SharePoint Online objects in the Web Portal Basic data for managing a SharePoint Online environment Troubleshooting an SharePoint Online connection Configuration parameters for managing SharePoint Online Default project template for SharePoint Online Editing system objects

Assigning SharePoint Online entitlements to SharePoint Online user accounts

In One Identity Manager, SharePoint Online entitlements can be assigned directly or indirectly to employees.

In the case of indirect assignment, employees and entitlements are organized in hierarchical roles. The number of entitlements assigned to an employee is calculated from the position in the hierarchy and the direction of inheritance. If the employee has a SharePoint Online user account, the entitlements are assigned to this user account.

Entitlements can also be assigned to employees through IT Shop requests. To enable the assignment of entitlements using IT Shop requests, employees are added as customers in a shop. All entitlements assigned to this shop as products can be requested by the customers. After approval is granted, requested entitlements are assigned to the employees.

You can use system roles to group entitlements together and assign them to employees as a package. You can create system roles that contain only SharePoint Online entitlements. You can also group any number of company resources into a system role.

To react quickly to special requests, you can also assign the entitlements directly to user accounts.

For detailed information see the following guides:

Topic

Guide

Basic principles for assigning and inheriting company resources

One Identity Manager Identity Management Base Module Administration Guide

One Identity Manager Business Roles Administration Guide

Assigning company resources through IT Shop requests

One Identity Manager IT Shop Administration Guide

System roles

One Identity Manager System Roles Administration Guide

Detailed information about this topic

Prerequisites for indirect assignment of SharePoint Online entitlements to SharePoint Online user accounts

In the case of indirect assignment, employees, groups SharePoint Online, and SharePoint Online roles are assigned to hierarchical roles, such as departments, cost centers, locations, or business roles. When assigning SharePoint Online groups and SharePoint Online roles indirectly, check the following settings and modify them if necessary.

Prerequisites for indirect assignment of SharePoint Online groups to SharePoint Online user accounts

  1. Assignment of employees and SharePoint Online groups is permitted for role classes (departments, cost centers, locations, or business roles).

  2. The SharePoint Online user account does not have the Groups can be inherited option set.

  3. The SharePoint Online user account is labeled with the Groups can be inherited option.

  4. The SharePoint Online user account is linked to an employee.

  5. The SharePoint Online user account and the SharePoint Online groups belong to the same site collection.

Prerequisites for indirect assignment of SharePoint Online roles to SharePoint Online user accounts

  • Assignment of employees and SharePoint Online roles is permitted for role classes (departments, cost centers, locations, or business roles).

  • The SharePoint Online user account does not have the Groups can be inherited option set.

  • The SharePoint Online user account is labeled with the Groups can be inherited option.

  • The SharePoint Online user account is linked to an employee.

  • The SharePoint Online user account and the SharePoint Online roles belong to the same site collection.

ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

NOTE: If a SharePoint Online role refers to a permission level for which the Hidden option is set, no business roles and organizations can be assigned. These SharePoint Online roles can be neither directly nor indirectly assigned to user accounts or groups.

NOTE: There are other configuration settings that play a role when company resources are inherited through departments, cost centers, locations, and business roles. For example, role inheritance might be blocked or inheritance of employees not allowed. For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning SharePoint Online entitlements to departments, cost centers, and locations

Assign groups and roles to departments, cost centers, and locations in order to assign them to user accounts through these organizations.

To assign a permission to a department, cost center or location (non role-based login):

  1. In the Manager, select one of the following categories:

    • SharePoint Online > Groups

    • SharePoint Online > Roles

  2. Select the entitlements in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign permissions to a department, cost center or location (role-based login)

  1. In the Manager, select the Organizations > Departments category.

    - OR -

    In the Manager, select the Organizations > Cost centers category.

    - OR -

    In the Manager, select the Organizations > Locations category.

  2. Select the department, cost center, or location in the result list.

  3. Select one of the following tasks.

    • Assign SharePoint Online groups

    • Assign SharePoint Online roles

  4. In the Add assignments pane, assign the entitlements.

    TIP: In the Remove assignments pane, you can remove assigned entitlements.

    To remove an assignment

    • Select the entitlement and double-click .
  5. Save the changes.
Related topics

Assigning SharePoint Online entitlements to business roles

NOTE: This function is only available if the Business Roles Module is installed.

You assign entitlements to business roles so that these entitlements are assigned to user accounts through these business roles.

To assign an entitlement to business roles (non role-based login):

  1. In the Manager, select one of the following categories.

    • SharePoint Online > Groups

    • SharePoint Online > Roles

  2. Select the entitlements in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign entitlements to a business role (role-based login):

  1. In the Manager, select the Business roles > <role class> category.

  2. Select the business role in the result list.

  3. Select one of the following tasks.

    • Assign SharePoint Online groups

    • Assign SharePoint Online roles

  4. In the Add assignments pane, assign the entitlements.

    TIP: In the Remove assignments pane, you can remove assigned entitlements.

    To remove an assignment

    • Select the entitlement and double-click .
  5. Save the changes.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating