...

...

Enabling SharePoint Profile Sync

If you have Microsoft SharePoint and are running the User Profile service, you can configure EmpowerID to synchronize the user profile properties in your SharePoint with the corresponding EmpowerID Person attributes for each SharePoint user with an EmpowerID Person identity. In this way, if a user changes a property for one of their attributes, that change can be brought into EmpowerID and pushed to any of your connected account stores, such as Active Directory. The number of SharePoint profile properties that EmpowerID can synchronize with and the naming convention used can be viewed by expanding the

...

drop-down below.

  • View Profile Properties

    User Profile Sync Attribute Flow

    | Name of Person attribute in EmpowerID | Name of Profile property in SharePoint |
    |---|---|
    | AboutMe | AboutMe |
    | BirthDay | SPS-Birthday |
    | Department | Department |
    | Description | Description |
    | Display Name | PreferredName |
    | Email | WorkEmail |
    | Fax | Fax |
    | FirstName | FirstName |
    | HomePhone | HomePhone |
    | JobTitle | Title |
    | LastName | LastName |
    | Location | SPS-Location |
    | MailboxAlias | MailNickName |
    | MobileNumber | CellPhone |
    | OfficeLocation | Office |
    | OriginalHireDate | SPS-HireDate |
    | SIPAddress | SPS-SipAddress |
    | Telephone | WorkPhone |
    | URLPersonal | Url |


Info

 The User Profile Service Application must be started in your SharePoint farm for EmpowerID Profile Sync to function correctly.


You determine how changes made to these properties in SharePoint affect EmpowerID by the settings you apply to the attribute flow rules for your SharePoint system. These rules are visually configured for each profile property and are always relative to the relationship between a user profile property in SharePoint and the corresponding EmpowerID Person attribute. In addition to setting attribute flow rules, you create a Resource Entitlement (RET) for a SharePoint User Profile and apply that policy to your SharePoint users in EmpowerID.

This topic explains how to enable profile sync for SharePoint

...

...

.

To create a SharePoint User Profile Resource Entitlement

Info

In this example, we create a SharePoint User Profile Resource Entitlement and apply that entitlement to the Any Role Anywhere Business Role and Location. In this way, profile sync happens for anyone within the organization. You can be more selective in your RET application if desired, drilling down to specific Business Roles and Location, groups, Management Roles, and SetGroups.


  1. From the

...

This opens the Resource Entitlement Details screen, which is where you enter the information to define your SharePoint User Profile RET.

...

  • Type a name for the RET into the Name field.
  • Type a friendly or display name for the RET into the Friendly Name field.
  • Type a description for the RET into the Description field.
  • Select SharePoint from the Resource System drop-down.
  • Select DoNothing from the On Claim Action drop-down. This tells EmpowerID to mark any previous resources assigned to the user that match this RET as RET-managed resources and do nothing else.
  • Select DoNothing from the On Transform Action drop-down. This tells EmpowerID to mark this resource with the new RET policy number and do nothing else.
  • Select Deprovision from the On Revoke Action drop-down. This tells EmpowerID to delete the user profile if the person to whom the profile is connected is terminated.
  • Type a desired value into the Priority field. The value entered here specifies a ranking for the RET and takes effect if a duplicate resource entitlement occurs inside the inheritance tree. The lower the number, the higher the priority.
  • Ensure that Business Role and Location is selected from the Assign Policy To drop-down and that the Assignee is the appropriate Business Role and Location. If you selected the Any Role Anywhere Business Role and Location as described in step 2 above, you should see these fields populated with those values.

When you have completed entering your values, your screen should look similar to the following image:

...

To set Attribute Flow Rules

...

When setting the attribute flow rules, you can choose from one of the four options below for each attribute or property:

  • No Sync - When this option is selected, changes to profile properties made in SharePoint will not flow to EmpowerID and changes to Person attributes made in EmpowerID will not flow to SharePoint.
  • Bidirectional Flow - When this option is selected, changes made within SharePoint flow to EmpowerID and changes made in EmpowerID flow to SharePoint.
  • Account Store Changes Only - When this option is selected, changes made in SharePoint will flow to EmpowerID, but changes made in EmpowerID will not flow to SharePoint.
  • EmpowerID Changes Only - When this option is selected, changes made in EmpowerID will flow to SharePoint, but changes made in SharePoint will not flow to EmpowerID.

The attribute flow rule for the Email attribute must be set so that the flow occurs from EmpowerID to SharePoint. This means that changes to the person's Email attribute made in EmpowerID will flow to the WorkEmail attribute in SharePoint, but changes to the WorkEmail attribute in SharePoint will not flow to the Email attribute in EmpowerID.

The below image shows the attribute flow rules we have set for our environment. Notice that the attribute flow rule for Email is set to only flow from EmpowerID to SharePoint. All other attribute flow rules are set to bidirectional.
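The four flow options and the Email rule described above, modelled as an added example (this is not EmpowerID code and does not use its API). The `Flow` enum, the function names and the sample values are assumptions; the mapping is a subset of the profile property table on this page.

```python
from enum import Enum

class Flow(Enum):
    NO_SYNC = "No Sync"
    BIDIRECTIONAL = "Bidirectional Flow"
    ACCOUNT_STORE_ONLY = "Account Store Changes Only"  # SharePoint -> EmpowerID
    EMPOWERID_ONLY = "EmpowerID Changes Only"          # EmpowerID -> SharePoint

# Person attribute -> SharePoint profile property (subset of the page's table)
MAPPING = {"Email": "WorkEmail", "JobTitle": "Title", "MobileNumber": "CellPhone",
           "Telephone": "WorkPhone", "AboutMe": "AboutMe"}

# Rules as the text describes them: Email one-way, all others bidirectional.
RULES = {attr: Flow.BIDIRECTIONAL for attr in MAPPING}
RULES["Email"] = Flow.EMPOWERID_ONLY

TO_EMPOWERID = {Flow.BIDIRECTIONAL, Flow.ACCOUNT_STORE_ONLY}
TO_SHAREPOINT = {Flow.BIDIRECTIONAL, Flow.EMPOWERID_ONLY}

def apply_sharepoint_changes(person, changes, rules=RULES):
    """Apply SharePoint-side property changes to a Person dict.
    Returns (updated_person, rejected_properties)."""
    by_property = {prop: attr for attr, prop in MAPPING.items()}
    updated, rejected = dict(person), []
    for prop, value in changes.items():
        attr = by_property.get(prop)
        # Unmapped properties and rules that block inbound flow are dropped.
        if attr is None or rules.get(attr, Flow.NO_SYNC) not in TO_EMPOWERID:
            rejected.append(prop)
            continue
        updated[attr] = value
    return updated, rejected

def apply_empowerid_changes(profile, changes, rules=RULES):
    """Apply EmpowerID-side attribute changes to a SharePoint profile dict.
    Returns (updated_profile, rejected_attributes)."""
    updated, rejected = dict(profile), []
    for attr, value in changes.items():
        if attr not in MAPPING or rules.get(attr, Flow.NO_SYNC) not in TO_SHAREPOINT:
            rejected.append(attr)
            continue
        updated[MAPPING[attr]] = value
    return updated, rejected

def audit_rules(rules):
    """Flag a rule set in which SharePoint edits could overwrite Person.Email."""
    if rules.get("Email") is not Flow.EMPOWERID_ONLY:
        return ["Email must be set to 'EmpowerID Changes Only'"]
    return []
```

Running `audit_rules` over a rule set before enabling attribute flow catches the case where Email was left bidirectional and a SharePoint profile edit would change the Person's Email attribute.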

...

Next, we need to enable RET provisioning and de-provisioning, inventory and attribute flow for the SharePoint account store.

...

To enable RET provisioning and deprovisioning

...

  • Toggle the Allow RET Provisioning button from a red sphere to a green check. This allows EmpowerID to apply the SharePoint User Profile RET to each person in the Business Role and Location you specified when you created the RET.
  • Toggle the Allow RET De-Provisioning button from a red sphere to a green check. This allows EmpowerID to remove the SharePoint User Profile RET from a person when that person no longer meets the conditions for the RET.
  • Toggle the Enable Attribute Flow button from a red sphere to a green check, if it is not already in that state. This allows attribute flow to occur according to the attribute flow rules applied to the SharePoint account store.

...

The Account Store Details screen should look like the below image:

...

At your next account store inventory run, you should see the user profiles in SharePoint.

...

Be sure to turn on the Resource Entitlement Inbox Processor Job and the Resource Entitlement Recalculation Job on one or more of your EmpowerID Web servers to ensure the SharePoint User Profile RET gets applied to your users. You turn these jobs on by checking the box beside the job on the appropriate Web servers within the EmpowerID Servers and Roles section of Configuration Manager.

...

Administrative Procedures:

...

  1. From the Navigation Sidebar of the EmpowerID Web interface, expand Admin > Policies and click Provisioning Policies (RETs).
  2. Select the Policies tab and then click the Add New (plus) button to the right of the search field.


    This opens the Policy Details form.


  3. In the Choose Type section of the form, select SharePoint User Profile from the Object Type to Provision drop-down.
  4. In the General section of the form enter a name, do the following:
    1. Enter Any Role and press ENTER to load the role in the Business Role tree. 
    2. Click the role in the Business Roles tree to select it.


  5. In the Location pane, do the following:
    1. Enter Anywhere and press ENTER to load the location in the Location tree.
    2. Click the location in the Location tree to select it.

      A number of accordions appear on the page.



