Onboarding the Microsoft Sharepoint Application
Use this task to provision users from Verify to On-Premises Microsoft Sharepoint adapter.
Before you begin
- Configure the identity agent for authentication in Verify. See, Configuring through the Verify user interface.
- Deploy and configure the IBM® Security Verify Identity Brokerage On-Premises component.
Procedure
- Log in as administrator on IBM Security Verify.
- Select Applications > Applications and click Add application.
- Search application type as the name set for the uploaded application profile from the
menu and click Add application. For example, if the Microsoft Sharepoint profile was uploaded with name Microsoft-Sharepoint, then the application is found with Microsoft-Sharepoint(custom).
- In the Add applications page, select the General tab, and specify the required details.
- Select the Account lifecycle tab.
- Specify the provisioning and deprovisioning policies.
Parameters Description Provision accounts Provision accounts are Disabled by default, which means the account creation is performed outside of IBM Security Verify.
Select the Enabled option to automatically provision an account when the entitlement is assigned to a user. Password generations and email notification features are available for the account that is created using IBM Security Verify.
Deprovision accounts Deprovision accounts is Disabled by default, which means account removal is performed outside of IBM Security Verify.
Select the Enabled option in to automatically deprovision an account when entitlement is removed from a user.
Account password - Sync user's Cloud Directory password
- This option is available if Password sync is enabled on the Cloud Directory. It uses the Cloud Directory password when a regular user is provisioned to the application. Federated users receive a generated password when provisioned to the application.
- Generate password
- This option generates a random password for the provisioned account. The password is based on the Cloud Directory password policy.
- None
- This option provisions the account without a password.
Send email notification This option is available when you select the Generate password option. When you select the Send email notification option an email notification with the auto-generated password is sent to your email address after the account is provisioned successfully. Grace period (days) Set the grace period in days for which deprovisioned account is kept as suspended before deleting it permanently. Deprovision action Delete the account. This field is available only if the deprovision account field is enabled. - In General section, select Application profile from the drop-down. If the profile does not exist you must create one. For more information see, Managing identity adapter application profiles.
- Specify the API authentication details.
Parameters Description Tivoli® Directory Integrator location URL for the IBM Security VerifyDirectory Integrator instance. For example, rmi://<ip-address>:<port>/ITDIDispatcher, where ip-address is the IBM Security Verify Directory Integrator host and port is the port number for the RMI Dispatcher. Sharepoint hostname Specify the host name or IP address of the SharePoint site. Sharepoint port Specify the SharePoint server port number. The default is port 80. Administrator Login Specify the administrator user that the adapter uses to connect to the Microsoft SharePoint instance. Note: For NTLM authentication, Administrator login must be in this format:<Domain Name>\<Login Name>.Administrator Password Specify the password for the user. Sharepoint site Optional: Specify the trailing URL to the SharePoint site. For the Sharepoint site subsite that has the locationhttp://sharepointhost/subsite, the field entry is subsite. If you leave this field blank, the default value is the top-level Sharepoint site. Enable SSL Specifies whether you want to enable secure communications. The default response is not to enable SSL. Authentication Mode Specify the authentication mode corresponding to your site. Authentication Provider Configuration File The file name that includes the full path to the authentication provider file. It lists the authentication providers configured on the SharePoint site. While provisioning account, you can select one of the authentication providers listed in this file. For more information, see Configuring authentication providers. If the file is stored in the same location as Dispatcher home, for example, TDI_HOME/timsol, you can omit the path and provide only the file name.
- Click Test Connection to test the connection to the Microsoft Sharepoint on premises. The connection needs to be successful to provision or reconcile accounts on the Microsoft Sharepoint application.
- Map the target Microsoft Sharepoint attributes to the Verify attributes as required. Select the Keep updated check box for the attributes that need to be updated on the target.
- Select the Account sync tab.
- In the Adoption policy section, add one or more attribute pairs that need to match for the account sync process to assign Microsoft Sharepoint accounts to their respective account owners on Verify.
- In the Remediation Policies section, choose a remediation policy to remediate non-compliant accounts automatically.
- Click Save.
- After the application is saved, specify the authorization policy on the Entitlements tab.