
Identity Manager 8.2.1 - Administration Guide for Connecting to SharePoint Online


Reports about SharePoint Online objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for SharePoint Online.

NOTE: Other sections may be available depending on which modules are installed.

Table 31: Data quality target system report

| Report | Published for | Description |
| --- | --- | --- |
| Show overview | User account | This report shows an overview of the user account and the assigned permissions. |
| Show overview including origin | User account | This report shows an overview of the user account and origin of the assigned permissions. |
| Show overview including history | User account | This report shows an overview of the user account including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Overview of all assignments | Group, Role | This report finds all roles containing employees who have the selected system entitlement. |
| Show overview | Group, Role | This report shows an overview of the system entitlement and its assignments. |
| Show overview including origin | Group, Role | This report shows an overview of the system entitlement and origin of the assigned user accounts. |
| Show overview including history | Group, Role | This report shows an overview of the system entitlement including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Show user accounts overview (incl. history) | Site collection, Site | This report returns all the user accounts with their permissions including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Show system entitlements overview (incl. history) | Site collection, Site | This report shows the system entitlements with the assigned user accounts including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Overview of all assignments | Site collection, Tenant | This report finds all roles containing employees with at least one user account in the selected target system. |

Handling of SharePoint Online objects in the Web Portal

One Identity Manager enables its users to perform various tasks simply using a Web Portal.

  • Managing user accounts and employees

    An account definition can be requested by shop customers in the Web Portal if it is assigned to an IT Shop shelf. The request undergoes a defined approval process. The user account is not created until it has been agreed by an authorized person, such as a manager.

  • Managing entitlement assignments

    When an entitlement is assigned to an IT Shop shelf, the entitlement can be requested by the customer in the Web Portal. The request undergoes a defined approval process. The entitlement is not assigned until it has been approved by an authorized person.

    In the Web Portal, managers and administrators of organizations can assign entitlements to the departments, cost centers, or locations for which they are responsible. The entitlements are inherited by all persons who are members of these departments, cost centers, or locations.

    If the Business Roles Module is available, managers and administrators of business roles in the Web Portal can assign entitlements to the business roles for which they are responsible. The entitlements are inherited by all persons who are members of these business roles.

    If the System Roles Module is available, supervisors of system roles in the Web Portal can assign entitlements to the system roles. The entitlements are inherited by all persons to whom these system roles are assigned.

  • Attestation

    To enable this, attestation policies are configured in the Manager. The attestors use the Web Portal to approve attestation cases.

  • Governance administration

    The rules are checked regularly, and if changes are made to the objects in One Identity Manager. Compliance rules are defined in the Manager. Supervisors use the Web Portal to check and resolve rule violations and to grant exception approvals.

    If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in the Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.

  • Risk assessment

    You can use the risk index of entitlements to evaluate the risk of entitlement assignments for the company. One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.

  • Reports and statistics

    The Web Portal provides a range of reports and statistics about the employees, user accounts, and their entitlements and risks.

For more information about the named topics, refer to the following guides:

  • One Identity Manager Web Designer Web Portal User Guide

  • One Identity Manager Attestation Administration Guide

  • One Identity Manager Compliance Rules Administration Guide

  • One Identity Manager Company Policies Administration Guide

  • One Identity Manager Risk Assessment Administration Guide

Basic data for managing a SharePoint Online environment

To manage SharePoint Online in One Identity Manager, the following basic data is relevant.

  • Authentication modes

    Authentication mode used for logging in on the SharePoint Online server with this user account. For SharePoint Online, AzureAD is the only authentication mode.

    For more information, see SharePoint Online authentication modes.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained with the target system types and settings are configured for provisioning memberships and single objects synchronization. Target system types also map objects in the Unified Namespace.

    For more information, see Post-processing outstanding objects.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for SharePoint Online user accounts.

  • Server

    In order to handle target system specific processes in One Identity Manager, the synchronization server and its server functionality must be declared.

    For more information, see Job server for SharePoint Online-specific process handling.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all tenants in One Identity Manager to this application role.

    Define additional application roles if you want to limit the permissions for target system managers to individual tenants. The application roles must be added under the default application role.

    For more information, see Target system managers.

SharePoint Online authentication modes

To display main data for an authentication mode

  1. In the Manager, select the SharePoint Online > Basic configuration data > Authentication modes category.

  2. Select the authentication mode in the result list.

  3. Select the Change main data task.

The following main data is supplied for the authentication mode.

Table 32: Authentication mode properties

| Property | Description |
| --- | --- |
| System ID | Name of the authentication mode. For SharePoint Online, AzureAD is the only authentication mode. |
| User prefix | Prefix for formatting a login name for new user accounts. The associated authentication object is not a group. This means the user account's Group option is not set. |
| Group prefix | Prefix for formatting a login name for new user accounts. The associated authentication object is a group. This means the user account's Group option is set. |
| Column for login name | Column in the Person table used to format the login name for new user accounts. This information is required if employees are linked to user accounts through automatic employee assignment. |
