Reports about SharePoint Online objects
One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for SharePoint Online.
NOTE: Other sections may be available depending on which modules are installed.
Table 31: Data quality target system report
Report | Object | Description
Show overview | User account | This report shows an overview of the user account and the assigned permissions.
Show overview including origin | User account | This report shows an overview of the user account and the origin of the assigned permissions.
Show overview including history | User account | This report shows an overview of the user account including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report.
Overview of all assignments | Group, Role | This report finds all roles containing employees who have the selected system entitlement.
Show overview | Group, Role | This report shows an overview of the system entitlement and its assignments.
Show overview including origin | Group, Role | This report shows an overview of the system entitlement and the origin of the assigned user accounts.
Show overview including history | Group, Role | This report shows an overview of the system entitlement including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report.
Show user accounts overview (incl. history) | Site collection, Site | This report returns all user accounts with their permissions, including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report.
Show system entitlements overview (incl. history) | Site collection, Site | This report shows the system entitlements with the assigned user accounts, including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report.
Overview of all assignments | Site collection, Tenant | This report finds all roles containing employees with at least one user account in the selected target system.
Handling of SharePoint Online objects in the Web Portal
One Identity Manager enables its users to perform various tasks simply using a Web Portal.
- Managing user accounts and employees
An account definition can be requested by shop customers in the Web Portal if it is assigned to an IT Shop shelf. The request undergoes a defined approval process. The user account is not created until it has been agreed by an authorized person, such as a manager.
- Managing entitlement assignments
When an entitlement is assigned to an IT Shop shelf, the entitlement can be requested by the customer in the Web Portal. The request undergoes a defined approval process. The entitlement is not assigned until it has been approved by an authorized person.
In the Web Portal, managers and administrators of organizations can assign entitlements to the departments, cost centers, or locations for which they are responsible. The entitlements are inherited by all persons who are members of these departments, cost centers, or locations.
If the Business Roles Module is available, managers and administrators of business roles in the Web Portal can assign entitlements to the business roles for which they are responsible. The entitlements are inherited by all persons who are members of these business roles.
If the System Roles Module is available, supervisors of system roles in the Web Portal can assign entitlements to the system roles. The entitlements are inherited by all persons to whom these system roles are assigned.
- Attestation
To enable this, attestation policies are configured in the Manager. The attestors use the Web Portal to approve attestation cases.
- Governance administration
Compliance rules are defined in the Manager. The rules are checked regularly and whenever changes are made to the objects in One Identity Manager. Supervisors use the Web Portal to check and resolve rule violations and to grant exception approvals.
If the Company Policies Module is available, company policies can be defined for the target system objects mapped in One Identity Manager and their risks evaluated. Company policies are defined in the Manager. Supervisors use the Web Portal to check policy violations and to grant exception approvals.
- Risk assessment
You can use the risk index of entitlements to evaluate the risk that entitlement assignments pose to the company. One Identity Manager provides default calculation functions for this. The calculation functions can be modified in the Web Portal.
- Reports and statistics
The Web Portal provides a range of reports and statistics about the employees, user accounts, and their entitlements and risks.
For more information about the named topics, refer to the following guides:
- One Identity Manager Web Designer Web Portal User Guide
- One Identity Manager Attestation Administration Guide
- One Identity Manager Compliance Rules Administration Guide
- One Identity Manager Company Policies Administration Guide
- One Identity Manager Risk Assessment Administration Guide
Basic data for managing a SharePoint Online environment
To manage SharePoint Online in One Identity Manager, the following basic data is relevant.
- Authentication modes
Authentication mode used for logging in on the SharePoint Online server with this user account. For SharePoint Online, AzureAD is the only authentication mode.
For more information, see SharePoint Online authentication modes.
- Target system types
Target system types are required for configuring target system comparisons. Tables with outstanding objects are maintained per target system type, and the settings for provisioning memberships and for synchronizing single objects are configured there. Target system types also map objects in the Unified Namespace.
For more information, see Post-processing outstanding objects.
- Account definitions
One Identity Manager has account definitions for automatically allocating user accounts to employees. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.
For more information, see Account definitions for SharePoint Online user accounts.
- Server
In order to handle target system specific processes in One Identity Manager, the synchronization server and its server functionality must be declared.
For more information, see Job server for SharePoint Online-specific process handling.
- Target system managers
A default application role exists for the target system manager in One Identity Manager. Assign the employees who have permission to edit all tenants in One Identity Manager to this application role.
Define additional application roles if you want to limit the permissions for target system managers to individual tenants. The application roles must be added under the default application role.
For more information, see Target system managers.
SharePoint Online authentication modes
To display main data for an authentication mode
- In the Manager, select the SharePoint Online > Basic configuration data > Authentication modes category.
- Select the authentication mode in the result list.
- Select the Change main data task.
The following main data is supplied for the authentication mode.
Table 32: Authentication mode properties
Property | Description
System ID | Name of the authentication mode. For SharePoint Online, AzureAD is the only authentication mode.
User prefix | Prefix for formatting the login name of new user accounts whose associated authentication object is not a group, that is, the user account's Group option is not set.
Group prefix | Prefix for formatting the login name of new user accounts whose associated authentication object is a group, that is, the user account's Group option is set.
Column for login name | Column in the Person table used to format the login name for new user accounts. This information is required if employees are linked to user accounts through automatic employee assignment.
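The following added example illustrates how the three properties above combine into a login name for a new user account: the Group option selects the user or group prefix, and the configured Person column supplies the rest. It is not One Identity Manager's own code or API; the record layout, the prefix values and the use of the CentralAccount column are assumptions made for the example, and the sample persons are constructed. The point a practitioner should take from it is the failure mode: an empty login name column must stop the account from being created rather than yield a prefix-only login name that maps to no principal or to the wrong one.

```python
"""Added example: derive a SharePoint Online login name from an authentication
mode's prefixes and the configured Person column (assumed layout, not product code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthenticationMode:
    system_id: str          # "AzureAD" is the only mode for SharePoint Online
    user_prefix: str        # used when the account's Group option is not set
    group_prefix: str       # used when the account's Group option is set
    login_name_column: str  # Person column whose value completes the login name


def format_login_name(mode: AuthenticationMode, person: dict, is_group: bool) -> str:
    """Return prefix + Person column value; the Group option selects the prefix.

    Raises ValueError instead of returning a malformed login name when the
    configured Person column is missing or blank, so that automatic employee
    assignment cannot silently create an account with an unusable login.
    """
    value = person.get(mode.login_name_column)
    if value is None or not str(value).strip():
        raise ValueError(
            f"Person column {mode.login_name_column!r} is empty; cannot build login name"
        )
    prefix = mode.group_prefix if is_group else mode.user_prefix
    return f"{prefix}{str(value).strip()}"


# Constructed sample configuration: the prefixes are placeholders chosen for
# this example, not the product's default values.
AZURE_AD = AuthenticationMode(
    system_id="AzureAD",
    user_prefix="user:",
    group_prefix="group:",
    login_name_column="CentralAccount",
)

# Constructed sample Person records; the second one has a blank column on purpose.
SAMPLE_PERSONS = [
    {"CentralAccount": "jdoe", "FirstName": "Jane"},
    {"CentralAccount": "   ", "FirstName": "NoAccount"},
]


def main() -> None:
    for person in SAMPLE_PERSONS:
        try:
            print(format_login_name(AZURE_AD, person, is_group=False))
        except ValueError as exc:
            print(f"skipped: {exc}")


if __name__ == "__main__":
    main()
```

Running the script prints the login name for the first record and a "skipped" line for the second; in a real provisioning flow the exception is what you would surface to the operator instead of letting the account be created.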