Identity Manager 9.1.3 - Administration Guide for Connecting to SharePoint (2024)

Valid permissions are mapped in the One Identity Manager database in the SPSWebAppHasPermission table; assignments of valid permissions to permission levels are mapped in the SPSRoleHasSPSPermission table.

If you remove permissions from the list of valid permissions for a web application in SharePoint, the permissions cannot be assigned to permission levels within the web application from this point on. Assignments to permission levels that already exist for these permissions remain intact but are not active. These permissions are deleted from the SPSWebAppHasPermission table during synchronization. Assignments to permission levels that already exist for these permissions are not changed. Inactive permissions are displayed in the permission levels' overview.

Related topics

• SharePoint roles and permission levels

Synchronization results are summarized in the synchronization log. You can specify the extent of the synchronization log for each system connection individually. One Identity Manager provides several reports in which the synchronization results are organized under different criteria.

To display a synchronization log

1. In the Synchronization Editor, open the synchronization project.

2. Select the Logs category.

3. Click in the navigation view toolbar.

   Logs for all completed synchronization runs are displayed in the navigation view.

4. Select a log by double-clicking it.

   An analysis of the synchronization is shown as a report. You can save the report.

   See Also

   Een Viva Engage-webonderdeel gebruiken in SharePoint

To display a provisioning log

1. In the Synchronization Editor, open the synchronization project.

2. Select the Logs category.

3. Click in the navigation view toolbar.

   Logs for all completed provisioning processes are displayed in the navigation view.

4. Select a log by double-clicking it.

   An analysis of the provisioning is shown as a report. You can save the report.

The log is marked in color in the navigation view. This mark shows you the status of the synchronization/provisioning.

TIP: The logs are also displayed in the Manager under the <target system> > synchronization log category.

Synchronization logs are stored for a fixed length of time.

To modify the retention period for synchronization logs

• In the Designer, enable the DPR | Journal | LifeTime configuration parameter and enter the maximum retention period.

Having used the Synchronization Editor to set up a synchronization project for initial synchronization of a SharePoint farm, you can use the synchronization project to load SharePoint objects into the One Identity Manager database. If you manage user accounts and their authorizations with One Identity Manager, changes are provisioned in the SharePoint environment.

You must customize the synchronization configuration to be able to regularly compare the database with the SharePoint environment and to synchronize changes.

• To use One Identity Manager as the primary system during synchronization, create a workflow with synchronization in the direction of the Target system.

• You can use variables to create generally applicable synchronization configurations that contain the necessary information about the synchronization objects when synchronization starts. Variables can be implemented in base objects, schema classes, or processing method, for example.

• Use variables to set up a synchronization project for synchronizing different farms. Store a connection parameter as a variable for logging in to the farms.
• To specify which SharePoint objects and database objects are included in synchronization, edit the scope of the target system connection and the One Identity Manager database connection. To prevent data inconsistencies, define the same scope in both systems. If no scope is defined, all objects will be synchronized.

• Update the schema in the synchronization project if the One Identity Manager schema or target system schema has changed. Then you can add the changes to the mapping.

Detailed information about this topic

• How to configure SharePoint synchronization
• Configuring synchronization of several SharePoint farms
• Updating schemas
• Changing system connection settings of SharePoint farms
• One Identity Manager Target System Synchronization Reference Guide

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing SharePoint farms

1. In the Synchronization Editor, open the synchronization project.

   TIP: You can start the Synchronization Editor on any server to modify an existing synchronization project. Set up a remote connection to communicate with farm servers.

2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

3. Create a new workflow with the workflow wizard.

   This creates a workflow with Target system as its direction of synchronization.

4. Create a new start up configuration. Use the new workflow to do this.

5. Save the changes.

6. Run a consistency check.

Detailed information about this topic

• Configuring synchronization of several SharePoint farms