[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server
Download as PPTX, PDF1 like426 views
ClearPeople is a hybrid business consulting firm that provides both technical consulting and creative digital agency services. They have experience with Microsoft technologies like SharePoint, Sitecore, and Azure. The document discusses the importance of user profiles and identity management in SharePoint. It covers key considerations for implementing identity management, such as which systems contain user data, data quality issues, authentication, authorization, and privacy/security regulations. The last section provides an overview of using Microsoft Identity Manager to synchronize user profiles between Active Directory and SharePoint.
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-1-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-2-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-6-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-8-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-11-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-12-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-13-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-18-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-21-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-30-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-33-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-38-320.jpg)
![[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server](https://image.slidesharecdn.com/ecs18spencerharbarprofilesyncwithmimandsharepoint-180618091125/85/Harbar-Use-profile-synchronisation-with-Identity-Manager-and-SharePoint-Server-43-320.jpg)
[Harbar] Use profile synchronisation with Identity Manager and SharePoint Server
- 3. • • • • • • • • Chief Architect, ClearPeople Edinburgh, United Kingdom Scotland www.harbar.net spence@harbar.net @harbars
- 4. Who are ClearPeople? We are a hybrid breed of business offering technical consulting with creative digital agency services. Gold partner experience with Microsoft and Sitecore technologies. We are a ConsultagencyTM We apply the right technology with a human-centred approach.
- 5. • • • • • • • • Demonstration * Not extensive coverage due to time constraints
- 7. Whether you like it or not! Importance has increased significantly with each major release of SharePoint A SharePoint Admin is an Identity Admin Social features == social data Key input into “AI” such as Delve Pretty much every investment area relies on Profiles for core functionality App AuthZ, S2S, etc Primarily a political and social endeavor, NOT a technical one No toolset from any vendor will solve this, they only help
- 9. Who owns which data Departmental controls IS systems Organizational culture LCS: Legacy Corporation Syndrome Is the data even there? Is the data “clean”? Is the data up to date? Rate of change e.g. Health of Active Directory Too many forests and/or domains Line of business systems Ancient, creaking infrastructure External (to SharePoint) data sources Authentication and Authorization Ego: IdM Consultant and Admin Egos Protection of fiefdoms Privacy & Security User privacy & organization’s trustworthiness Regulation and legislation IdM implementation will need far more security controls than the systems it interacts with Do NOT get into the profile data storage business!
- 10. Especially when Active Directory is externally managed e.g. Reboot of domain controllers, Windows Update Large and/or bulk updates Replicating Directory Changes Additional rights for property export Ensure that SharePoint practitioners are involved early, and are taken seriously (considered a “grown up at the table”) within identity community
- 14. SharePoint User Profile Service Application UPS (SharePoint FIM) LOB System Active Directory ADI (User Profile Service Instance) EIM (External MIM) EIM (Custom Code) Other Directory
- 15. SharePoint User Profile Service Application LOB System Active Directory ADI (User Profile Service Instance) EIM (External MIM) EIM (Custom Code) Other Directory
- 17. • • • • • • • •
- 19. For the most common scenario Active Directory only Import Only! Container selection LDAP filters Inclusion Based One connection per domain Basically, an LDAP query and updates to Profile properties
- 29. Learn about MIM Sync •Complete a planning worksheet in Excel or similar of your requirements! Install Microsoft Identity Manager Synchronization Service & SharePoint Connector Create Management Agent Accounts •AD requires Replicating Directory Changes on Domain(s) and Configuration Partition •SharePoint requires Farm Administrator Configure SharePoint UPA and My Site Host •UPA: NetBIOSDomainNamesEnabled = $true & NoIlmUsed = $False (Use External Identity Manager) •Permission Policy and User Policy for SharePoint MA Account on the My Site Web Application Use MIMSync Toolkit to configure AD and SharePoint Management Agents* •Fix up Management Agent configuration •Configure additional properties, filters Perform Sync Runs Update-SPProfilePhotoStore Schedule Sync Runs * In a development environment, then use PowerShell and MA export/import to deploy to production
- 42. • • • • • • • • Great book, but covers the whole product, with not much detail on MIM Sync / Classic provisioning