How to Configure User Profile and Picture Providers

 

About User Profile and Picture Providers

  • The User Profile and User Picture are used in the following modules:

  • The User Provider settings are accessed from the UI Builder through the "Advanced Settings edit" link. See Default Settings.

Provider Settings

Content Containers

Type-Ahead

Ribbon

User Preferences

 

How to Configure Source Systems for User Profile and Picture Providers

Note: The User Profile and User Picture provider settings are very similar, but they offer different options.

You can use different source systems for both:

  • User Profile Providers (Impersonate option available)
  • User Picture Providers

User Profile Provider

To configure your user profile provider, use the following steps:

  1. Go to the SmartHub admin page at https://<SmartHubweb-app-url>/_admin
  2. Select User Profile Settings from the left side menu.
  3. Select User Profile Providers > Configure.
  4. The Provider properties dialogue appears.


  5. Provider Type: Select the Provider type from the drop-down menu.
    • Microsoft O365
    • SharePoint OnPremise
    • Local Active Directory


Note: At this time, SmartHub supports only one User Profile.

Tip: User Profile must be reconfigured on upgrade.

How to Configure Provider Properties for Microsoft O365

Microsoft O365: Profile Provider Properties

Procedure:

  1. Navigate to the User Profile Providers section.
  2. Click Configure.


  3. The User Provider properties dialogue opens.
    Note the Impersonate option.


  4. Provider type: Select Microsoft O365
  5. Url: Specify your SharePoint Online URL.
  6. If Impersonate is not selected:

    1. Username: Specify a user who has the required permissions to retrieve the necessary user properties.

    2. Password: Specify the user password.

  7. Tenant ID: Specify your Azure tenancy ID.

  8. Client ID: The "Application ID" as shown in the Azure Portal App Registration page for your application.

  9. Client secret of Azure App: Enter a client secret key.

  10. Account Name Claim Prefix: You should use this option if membership is the default value. Specify the prefix that is used to identify encoded claims.

  11. Multi value delimiter: Specify the character that is used to delimit multi-value properties.

Microsoft O365: User Picture Provider Properties

Note: This dialogue does NOT provide an Impersonate option.

Procedure:

  1. From the Administration menu select User Picture Providers > Configure.
  2. The User Provider Properties dialogue appears.
    Note: There is NO Impersonate option in this dialogue.


  3. Application (client) ID: The "Application ID" as shown in the Azure Portal App Registration page for your application.

  4. Directory (tenant) ID: Specify your Azure tenancy ID.

  5. Application (client) secret: Enter a client secret.

How to Specify the Required Permissions in Azure

Procedure:

  1. Log in to your Azure portal as an administrator: http://portal.azure.com.
  2. Go to Azure Active Directory > App registrations.
  3. If you previously registered an app to talk to SharePoint Online, find that app.
    1. If there is no such app, click New registration to register the new app.


  4. Enter the App information:
    • Name: Enter a name for the SmartHub user profile provider app.
    • Supported account types: Determines who can use the application or use the API.
    • Redirect URI: Enter your SmartHub URL such as https://search.company.com.


  5. Click Your app > API permissions > Add a permission > Select an API/Microsoft APIs > Microsoft Graph.
  6. Select the following Application permissions (your user interface may vary):
    1. User.Read.All: Read all users' full profiles
  7. Click Add permissions.
  8. You return to the App > API permissions page. Unless you are a tenant administrator, you will see a caution message at the top of the page stating that Administrator consent must be given before some or all API permissions are activated.
    1. API permissions without granted consent state this under the STATUS heading in the table in the center of the page.
  9. Click the Grant Admin consent for [Organization Name] button under the Grant consent heading on the same page.

How to Configure User Provider Properties for SharePoint 2013/2016/19 and SharePoint Online

SharePoint 2013/16/19/SPSE: User Profile Provider Properties

  1. Url:
    1. Enter the URL of the SharePoint 2013/2016/19/SPSE site that will be used for querying.
  2. Username:
    1. Enter the user name for the account that should be used during search.
    2. Leave this empty if you plan to impersonate the logged in user from SmartHub.
  3. Password:
    1. Enter the password for the account.
  4. Impersonate:
    1. Click to execute search as the user logged into SmartHub.
    2. These results are security trimmed for each logged in user.
  5. Audience Url:
    1. Specify the internal website URL of the SharePoint 2013/2016/19 site that will be used for querying.
  6. Registered Issuer Name:
    1. Specify the Registered Issuer Name of the Security Token Issuer created for the High Trust App.
  7. App Client ID:
    1. Specify the Client ID of the High Trust App registered in SharePoint.
  8. Tenant Authentication Realm:
    1. Specify the Authentication Realm GUID of the 2013/2016/19/SPSE SharePoint farm.
  9. Certificate path:
    1. Specify the relative path to the location where the certificate (.pfx) is stored.
    2. The path must start with a tilde followed by a forward slash character (~/).
  10. Certificate pass:
    1. Specify the password for the certificate.
  11. NameID Claim name:
    1. Specify the name of the claim that contains the SID of the user.
    2. This is required to impersonate the current user during searches.
  12. NameID Provider (optional):
    1. Enter the type of the NameID claim value.
  13. Account Name Claim Prefix:
    1. Identify claims encoded with the default value.
  14. Multi value delimiter:
    1. Specify a character that will be used to delimit multi-value properties.

Note: When you are using Azure Active Directory for authentication, the value is onprem_sid.

SharePoint 2013/16/19: User Picture Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Username:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  3. Password:
    1. Enter the user password.

How to Configure User Profile and Picture Provider Properties for Active Directory

Active Directory: User Profile Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. LDAP Configuration URL:
    1. Enter your LDAP URL.
    2. For example, ldap://DC=contoso, DC=com
  3. LDAP User:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  4. LDAP Password:
    1. Enter the user password.

Active Directory: User Picture Provider Properties

Use the same properties as above, plus the following:

  • Photo Property in AD:
    • The photo property as defined in Active Directory

For more information see SharePoint 2010/2013: Claims Encoding.

How to Configure User Provider and Provider Properties for Azure Active Directory

Azure Active Directory: User Picture Provider Properties

Credentials used to access the Azure Active Directory and retrieve user photos

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Azure app ID:
    1. Enter the ID of your Azure app.
  3. Azure tenant:
    1. Enter the name of the tenant.
  4. Azure secret key:
    1. Enter the secret key defined in Azure.

The minimum permissions needed for fetching the user picture are as follows:

  1. Select Application permissions - User.Read.All: Read all users' full profiles
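
The Azure permission procedure earlier on this page and the minimum permission stated here both come down to one application permission, User.Read.All. The following is an added example, not SmartHub or Microsoft code: it inspects the claims of an app-only Microsoft Graph access token (where granted application permissions appear in the roles claim) and reports missing consent, excess permissions, or a tenant/client ID that does not match the provider settings. The tokens, tenant ID and client ID below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# The only Microsoft Graph application permission the page asks for.
REQUIRED_ROLES = {"User.Read.All"}


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_app_token(token: str, tenant_id: str, client_id: str) -> list:
    """Return findings; an empty list means the token matches the documented setup."""
    claims = decode_claims(token)
    roles = set(claims.get("roles", []))
    findings = []
    if "scp" in claims:
        findings.append("delegated (scp) token, expected an app-only token")
    if REQUIRED_ROLES - roles:
        findings.append("User.Read.All missing: check that admin consent was granted")
    if roles - REQUIRED_ROLES:
        findings.append("excess permissions: " + ", ".join(sorted(roles - REQUIRED_ROLES)))
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the configured Directory (tenant) ID")
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("appid/azp does not match the configured Application (client) ID")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "constructed"])


# Constructed placeholder identifiers, not real tenant or app IDs.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"
BASE = {"tid": TENANT, "appid": CLIENT}
GOOD = make_sample_token({**BASE, "roles": ["User.Read.All"]})
WIDE = make_sample_token({**BASE, "roles": ["User.Read.All", "Directory.ReadWrite.All"]})
NO_CONSENT = make_sample_token(BASE)

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("wide", WIDE), ("no consent", NO_CONSENT)]:
        print(name, audit_app_token(tok, TENANT, CLIENT) or "ok")
```

An app registration reused from an earlier SharePoint Online integration, as the procedure allows, is the case most likely to produce the excess-permissions finding.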

User Picture Provider General Settings

You can use different source systems for User Profile Providers and User Picture Providers.

To configure your user profile provider, use the following steps:

  1. Go to the Federator admin UI and click User Picture Settings > Configure.
  2. The User Picture Configuration page appears.
  3. Application (client) ID: This is the Azure AD "Application ID" as shown in the Azure Portal App Registration page for your application.
  4. Directory (tenant) ID: Specify your Azure tenancy ID.
  5. Application (client) secret: Enter the client secret key.

For the User Picture Provider to work, the User Profile Provider must also be configured, except in the case of Azure Active Directory.

To change the default placeholder, change the value UserPicturePlaceHolder in the web.config file.