Identity Manager 8.2.1 - Administration Guide for Connecting to SharePoint Online

Additional tasks for managing SharePoint Online roles

After you have entered the main data, you can run the following tasks.

Task | Topic
Overview of SharePoint Online Groups | Overview of SharePoint Online roles
Assign user accounts | Assigning SharePoint Online user accounts directly to an entitlement
Assign groups | Assigning SharePoint Online groups to SharePoint Online roles
Assign system roles | Adding SharePoint Online entitlements to system roles
Assign business roles | Assigning SharePoint Online entitlements to business roles
Assign organizations | Assigning SharePoint Online entitlements to departments, cost centers, and locations
Exclude SharePoint Online roles | Effectiveness of SharePoint Online roles
Assigning extended properties | Assigning extended properties to SharePoint Online groups
Synchronize object | Synchronizing single objects

Overview of SharePoint Online roles

To obtain an overview of a role

  1. In the Manager, select the category SharePoint Online > Roles.

  2. Select the role in the result list.

  3. Select the SharePoint Online role overview task.

Effectiveness of SharePoint Online roles

The behavior described under Effectiveness of SharePoint Online entitlement assignments can also be used for SharePoint Online roles.

The effect of the assignments is mapped in the O3SUserHasO3SRLAssign and BaseTreeHasO3SRLAssign tables through the XIsInEffect column.

Prerequisites
  • The QER | Structures | Inherite | GroupExclusion configuration parameter is set.

    In the Designer, set the configuration parameter and compile the database.

    NOTE: If you disable the configuration parameter at a later date, model components and scripts that are no longer required are disabled. SQL procedures and triggers are still carried out. For more information about the behavior of preprocessor relevant configuration parameters and conditional compiling, see the One Identity Manager Configuration Guide.

  • Mutually exclusive SharePoint Online roles belong to the same site collection.

To exclude SharePoint Online roles

  1. In the Manager, select the category SharePoint Online > Roles.

  2. Select the role in the result list.

  3. Select the Exclude SharePoint Online roles task.

  4. In the Add assignments pane, assign the roles that are mutually exclusive to the selected role.

    - OR -

    In the Remove assignments pane, remove the roles that are no longer mutually exclusive.

  5. Save the changes.

Setting up SharePoint Online site collections and sites

In the default installation of One Identity Manager, site collections and sites are loaded into the One Identity Manager database through synchronization. You can add new site collections and sites in One Identity Manager and publish them in the SharePoint Online target system. Predefined scripts and processes are provided for this purpose. You can use these as templates to make the site collections and sites requestable through the IT Shop.

NOTE: Customize these scripts and processes as required.

Table 30: Example scripts and processes

Script/Process | Description
Script O3S_CreateO3SSite | Creates a new site collection and the associated root site in the One Identity Manager database. Creates a user account that is entered as site collection administrator or root site author. NOTE: Enter a valid SharePoint Online timezone value for the UID_DialogTimeZone parameter. If the timezone is invalid, UTC is used. You will find a list of permitted timezones in the script commentary.
Script O3S_CreateO3SWeb | Creates a new site within a site collection in the One Identity Manager database.
Process O3S_O3SWeb_(De-)Provision | Creates a new site within a site collection. The process is triggered by the PROVISION event if the site in the One Identity Manager database is not labeled as the root site. Deletes a site. The process is triggered by the DEPROVISION event if the site in the One Identity Manager database is not labeled as the root site.
Process O3S_O3SSite_(De-)Provision | Creates a new site collection in a web application and the associated root site. The process is triggered by the PROVISION event. Deletes a site collection in a web application and the associated root site. The process is triggered by the DEPROVISION event.

The following steps are also required:

  • Define a requestable product through which the site collection/site is requested from the IT Shop.

  • Define product properties that are mapped to the script parameter (for example, URL or site template). You must include these product properties when the site collection/site is requested.

  • Create a process for the PersonWantsOrg table that is started when the request is approved (event OrderGranted). This process calls the matching script and sets the parameter values from the product properties you have defined. Then the site collection/site is added to the One Identity Manager database.

  • To add a new site collection to an existing synchronization project, extend the scope of the target system connection in the synchronization project.

For more information about the IT Shop, see the One Identity Manager IT Shop Administration Guide. For detailed information about defining processes, see the One Identity Manager Configuration Guide.
