Identity Broker for Microsoft SharePoint Prerequisites

Identity Broker Requirements

Refer to the Identity Broker prerequisites article in the Identity Broker product guide.

Microsoft SharePoint Requirements

In order to successfully communicate with either version of SharePoint, the account configured for connecting to SharePoint requires Read and Manage User Profiles permissions in the SSP (SharePoint 2007) or in the User Profile Service Application Administrators (SharePoint 2010).

In order to perform user profile migration, the service account being used requires Full Control of the User Profile Service Application.

In order to perform user profile deletion, migration, and faster imports against a MOSS 2007 instance, the Custom Web Services need to be installed and configured prior to use of the connector.

In order to perform all operations against a SharePoint 2010 instance, the SharePoint 2010 WCF Service should be installed.

Organization Profile Requirements

In order to manage SharePoint 2010 organization profiles, a field must be manually added to the SharePoint schema and populated for any users who exist prior to enabling Identity Broker. This is required because SharePoint uses its own internal Record Id for resolving the parent reference with SharePoint, and this field cannot be set externally unless the corresponding SharePoint identifier for the parent profile is used. The added field is typically an organization unit code or identifier. It should be a string, integer, or distinguished name type in SharePoint, and will need to be appropriately configured in the Microsoft SharePoint 2010 Organization Profile Connector schema. The default connector configuration assumes a name of IdmProfileReference for this field.

In order to successfully provision and update hierarchy information for organization profiles, the connector requires this field to contain the value of the profile's reference in the identity management solution, and an additional field containing the profile's parent reference in DN format (which does not need to be added to SharePoint). Refer to Microsoft SharePoint 2010 Organization Profile Connector for more information.
