Versions Compared

Old Version 10

changes.mady.by.user Phillip Hanegan

Saved on

compared with

New Version 11

changes.mady.by.user Phillip Hanegan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Figure 1 below image depicts the Azure components you need to configure when self-hosting EmpowerID. The purpose for each component is described in the table that follows the figure.

Image Modified

Table 1: Azure Components you need to configure when self-hosting EmpowerID

...

If you are taking advantage of EmpowerID SaaS, the components you need to configure in Azure are minimal as EmpowerID configures everything needed to inventory SharePoint (represented by the grayed out components in on the left side of Figure 2 below). As a SaaS customer, you only need to configure the Azure components shown on the right side of Figure 2the figure. If you are using EmpowerID to manage more than one SharePoint tenant, you need to configure these components for each of those tenants.

...

 

Table 2: Azure Components you need to configure when using EmpowerID SaaS

Azure Component

Purpose

Service Principal application 1

  • Used to provide Azure AD authentication to the app service that hosts the SharePoint Online microservice

Service Principal application 2

  • Used to grant API permissions to Microsoft Graph and SharePoint API endpoints

App Service

  • Used to host the SharePoint Online app service

Key Vault

  • Stores certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it

  • Stores an access policy that grants key, secret and certificate permissions to the SharePoint Online app service hosting the microservice

Cosmo DB

  • Stores configuration information needed by the SharePoint Online app service

Function App

  • Used to update SharePoint user profiles

Azure AD SCIM Microservice

  • Used to inventory and manage Azure AD information in EmpowerID. This microservice must be deployed to Azure before setting up the SPO microservice. For details, see Connecting to SharePoint Online.

EmpowerID Items to Deploy

The SharePoint Online connector includes several components that you need to deploy to Azure from EmpowerID. These components and their related files are listed in the below table.

EmpowerID Component

File

AzGeneralService Microservice

AzGeneralServices_MicroserviceV3.zip

Service Principal application 2

  • Used to grant API permissions to Microsoft Graph and SharePoint API endpoints

App Service

  • Used to host the SharePoint Online app service

Key Vault

  • Stores certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it

  • Stores an access policy that grants key, secret and certificate permissions to the SharePoint Online app service hosting the microservice

Cosmo DB

  • Stores configuration information needed by the SharePoint Online app service

Function App

  • Used to update SharePoint user profiles

Azure AD SCIM Microservice

  • Used to inventory and manage Azure AD information in EmpowerID. This microservice must be deployed to Azure before setting up the SPO microservice. For details, see Connecting to SharePoint Online.

...