How to Configure User Profile and Picture Providers

About User Profile and Picture Providers

  • The User Profile and User Picture are used in the Ribbon (\modules\Ribbon) and TypeAhead features.

  • The User Provider settings in the file DefaultModuleSettings.js are shown below.

DefaultModuleSettings.js: Provider Settings

TypeAhead

Ribbon

How to Configure Source Systems for User Profile and Picture Providers

Note: The User Profile and User Picture provider settings are very similar, but they offer different options.

You can use different source systems for both:

  • User Profile Providers (Impersonate option available)
    and
  • User Picture Providers

User Provider Type

To configure your provider type, in each dialogue, use the following steps:

  1. Go to the SmartHub admin page at https://<SmartHubweb-app-url>/_admin

  2. Select the Provider settings (Profile Provider or Picture Provider) from the left side menu.

  3. The Provider Properties dialogue appears.

  4. Provider Type: Select the Provider type from the drop-down menu.
    • SharePoint Online
    • SharePoint OnPremise
    • Active Directory



At this time, SmartHub supports only one User Profile.

How to Configure User Profile and Picture Provider Properties for SharePoint Online

SharePoint Online: User Profile Provider Properties

  1. Navigate to the User Profile Providers section.



  2. The User Provider Properties dialogue opens. Note the Impersonate option.



  3. Provider type:
    1. Select SharePoint Online
  4. Url:
    1. Specify your SharePoint Online URL.
  5. If impersonate is not selected:

    1. Username: Specify a user who has the required permissions to retrieve the necessary user properties.

    2. Password: Specify the user password.

    Account Name Claim Prefix:

    1. Use this option if membership is the default value.

    2. Specify the prefix that is used to identify encoded claims.

  6. Multi value delimiter:

    1. Specify the character that is used to delimit multi-value properties.

SharePoint Online: User Picture Provider Properties

Note: This dialogue does NOT provide an Impersonate option.

  1. From the Administration menu select User Picture Providers > Configure. 
  2. The User Provider Properties dialogue appears.
    Note: There is NO Impersonate option in this dialogue.



  3. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  4. App ID: 
    1. Specify the Client ID of the High Trust App registered in SharePoint.
  5. Tenant:
    1. Specify your SharePoint Online URL.
  6. App secret key:
    1. Specify the secret key of the High Trust App registered in SharePoint.
  7. Username:

    1. Specify a user who has the required permissions to retrieve the necessary user properties.

  8. Password:

    1. Specify the user password.

How to Specify the Required Permissions in Azure

  1. Log in to your Azure portal as an administrator: http://portal.azure.com.

  2. Go to Azure Active Directory > App registrations.

  3. If you previously registered an app to talk to SharePoint Online, find that app.
    1. If there is no such app, click New registration to register the new app.



  4. Enter the App information:
    • Name: Enter the SmartHub user profile provider app.
    • Supported account types: Determines who can use the application or use the API.
    • Redirect URI: Enter your SmartHub URL such as https://search.company.com.



  5. Click Your app > API permissions > Add a permission > Select an API/Microsoft APIs > Microsoft Graph.

  6. Select the following Application permissions (your user interface may vary):
    1. User.Read.All: Read all users' full profiles

  7. Click Add permissions.

  8. You return to the App > API permissions page.
    1. Unless you are a tenant administrator, you see a caution message at the top of the page stating that Administrator consent must be given before some or all API permissions are activated.
    2. API permissions without granted consent state this under the STATUS heading in the table in the center of the page.

  9. Click the Grant Admin consent for [Organization Name] button under the Grant consent heading on the same page.

How to Configure User Profile and Picture Provider Properties for SharePoint 2013/2016/19

SharePoint 2013/16/19: User Profile Provider Properties

  1. Url:
    1. Enter the URL of the SharePoint 2013/2016/19 site that will be used for querying.
  2. Username:
    1. Enter the user name for the account that should be used during search.
    2. Leave this empty if you plan to impersonate the logged-in user from SmartHub.
  3. Password:
    1. Enter the password for the account.
  4. Impersonate:
    1. Click to execute search as the user logged into SmartHub.
    2. These results are security trimmed for each logged-in user.
  5. Audience Url:
    1. Specify the internal website URL of the SharePoint 2013/2016/19 site that will be used for querying.
  6. Registered Issuer Name:
    1. Specify the Registered Issuer Name of the Security Token Issuer created for the High Trust App.
  7. App Client ID:
    1. Specify the Client ID of the High Trust App registered in SharePoint.
  8. Tenant Authentication Realm:
    1. Specify the Authentication Realm GUID of the 2013/2016/19 SharePoint farm.
  9. Certificate path:
    1. Specify the relative path to the location where the certificate (.pfx) is stored.
    2. The path must start with a tilde followed by a forward slash character (~/).
  10. Certificate pass:
    1. Specify the password for the certificate.
  11. NameID Claim name:
    1. Specify the name of the claim that contains the SID of the user.
    2. This is required to impersonate the current user during searches.
  12. NameID Provider (optional):
    1. Enter the type of the NameID claim value.
  13. Account Name Claim Prefix:
    1. Identify claims encoded with the default value.
  14. Multi value delimiter:
    1. Specify a character that will be used to delimit multi-value properties.

When you are using Azure Active Directory for authentication, the value is onprem_sid.

SharePoint 2013/16/19: User Picture Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Username:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  3. Password:
    1. User password.

How to Configure User Profile and Picture Provider Properties for Active Directory

Active Directory: User Profile Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. LDAP Configuration URL:
    1. Enter your LDAP URL.
    2. For example, ldap://DC=contoso, DC=com
  3. LDAP User:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  4. LDAP Password:
    1. Enter the user password.

Active Directory: User Picture Provider Properties

Use the same properties as above. In addition:

  • Photo Property in AD:
    • The photo property as defined in Active Directory

For more information see SharePoint 2010/2013: Claims Encoding.

How to Configure User Provider and Provider Properties for Azure Active Directory

Azure Active Directory: User Picture Provider Properties

Credentials used to access the Azure Active Directory and retrieve user photos

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Azure app ID:
    1. Enter the ID of your Azure app.
  3. Azure tenant:
    1. Enter the name of the tenant.
  4. Azure secret key:
    1. Enter the secret key defined in Azure.

The minimum permissions needed for fetching the user picture are as follows:

  1. Select Application permissions - User.Read.All: Read all users' full profiles
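
A least-privilege check for the app registration described above and in "How to Specify the Required Permissions in Azure", as an added example that is not part of the SmartHub documentation. It assumes the app-only access token issued to the provider app lists its consented Application permissions in the `roles` claim; the function names are hypothetical and the sample tokens are constructed, unsigned stand-ins.

```python
import base64
import json

# Application permission this page names as the minimum for the provider app.
REQUIRED_ROLES = {"User.Read.All"}


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a JWT without verifying its signature.

    Inspection only: unverified claims must never drive an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_roles(token: str, required=REQUIRED_ROLES) -> dict:
    """Compare the application permissions in an app-only token to the minimum."""
    claims = decode_jwt_payload(token)
    granted = set(claims.get("roles", []))
    return {
        "missing": sorted(required - granted),  # required permission absent from the token
        "excess": sorted(granted - required),   # more than the page requires
        "delegated": "scp" in claims,           # scp marks a delegated (user) token
    }


def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed for this example)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample tokens: minimal grant, over-broad grant, no consent yet.
MINIMAL = _constructed_token({"roles": ["User.Read.All"]})
OVERBROAD = _constructed_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})
UNCONSENTED = _constructed_token({})

if __name__ == "__main__":
    for name, tok in [("minimal", MINIMAL), ("overbroad", OVERBROAD),
                      ("unconsented", UNCONSENTED)]:
        print(name, audit_app_roles(tok))
```

An entry under "excess" means the app secret stored in the provider settings can do more than read user profiles, which widens the impact if that secret is disclosed.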

User Picture Provider General Settings

You can use different source systems for User Profile Providers and User Picture Providers.

To configure your user profile provider, use the following steps:

  1. Go to the Federator admin UI and click User Picture Settings > Configure.



  2. The User Picture Configuration page appears.

For the User Picture Provider to work, the User Profile Provider must also be configured, except in the case of Azure Active Directory.

To change the default placeholder, change the value UserPicturePlaceHolder in the web.config file.