If you are not using EmpowerID SaaS and want EmpowerID to manage one or more of your SharePoint tenants, you need to configure one of those tenants with all of the components shown on the “EmpowerID side” (left) of Figure 1. These components are necessary to inventory SharePoint. In addition, you need to configure each SharePoint tenant to be managed by EmpowerID with all of the components shown on the “Self-hosted” side of Figure 1. The only exception to this is the Azure AD SCIM app service. This service only needs to be set up once within Azure.

Tip

All of the components shown on the EmpowerID side of the image are required whether you are self-hosting EmpowerID or using EmpowerID SaaS. The only difference is that when using EmpowerID SaaS, you do not need to set up these components. EmpowerID takes care of that for you.

...

Figure 1 below depicts the Azure components you need to configure when self-hosting EmpowerID. The purpose of each component is described in the table that follows the figure.

Table 1: Azure Components you need to configure when self-hosting EmpowerID

...

If you are taking advantage of EmpowerID SaaS, the components you need to configure in Azure are minimal, as EmpowerID configures everything needed to inventory SharePoint (represented by the grayed-out components on the left side of Figure 2 below). As a SaaS customer, you only need to configure the Azure components shown on the right side of Figure 2. If you are using EmpowerID to manage more than one SharePoint tenant, you need to configure these components for each of those tenants.

...

 

Table 2: Azure Components you need to configure when using EmpowerID SaaS

| Azure Component | Purpose |
| --- | --- |
| Service Principal application 1 | Used to provide Azure AD authentication to the app service that hosts the SharePoint Online microservice |
| Service Principal application 2 | Used to grant API permissions to Microsoft Graph and SharePoint API endpoints |
| App Service | Used to host the SharePoint Online app service |
| Key Vault | Stores the certificate for certificate-based authentication between the microservice and the service principal registered in Azure for it; stores an access policy that grants key, secret and certificate permissions to the SharePoint Online app service hosting the microservice |
| Cosmos DB | Stores configuration information needed by the SharePoint Online app service |
| Function App | Used to update SharePoint user profiles |
| Azure AD SCIM Microservice | Used to inventory and manage Azure AD information in EmpowerID. This microservice must be deployed to Azure before setting up the SPO microservice. For details, see Connecting to SharePoint Online. |

EmpowerID Items to Deploy

The SharePoint Online connector includes several components that you need to deploy to Azure from EmpowerID. These components and their related files are listed in the table below.

| EmpowerID Component | File |
| --- | --- |
| AzGeneralService Microservice | AzGeneralServices_MicroserviceV3.zip |

...

Next steps

Register Service Principal for App Service Authentication

...