Configure User Profile and Picture Providers

About User Profile and Picture Providers

  • The User Profile and User Picture are used in the following modules:
    • Provider Settings
    • Content Containers
    • Type-Ahead
    • Ribbon
    • User Preferences

  • The User Provider settings are accessed from the UI Editor, "Advanced Settings edit" link. See Default Settings.

How to Configure Source Systems for User Profile and Picture Providers

Note: The User Profile and User Picture provider settings are very similar, but they offer different options.

You can use different source systems for both:

  • User Profile Providers (Impersonate option available)
  • User Picture Providers

User Profile Provider

To configure your user profile provider use the following steps:

  1. Go to the SmartHub admin page at https://<SmartHub web-app-url>/_admin
  2. Select User Profile Settings from the left side menu.
  3. Select User Profile Providers > Configure.
  4. The Provider properties dialogue appears.
  5. Provider Type: Select the Provider type from the drop-down menu.
    • Microsoft O365
    • SharePoint OnPremise
    • Local Active Directory

Note: At this time, SmartHub supports only one User Profile.

Tip: User Profile must be reconfigured on upgrade.

How to Configure Provider Properties for Microsoft O365

Microsoft O365: Profile Provider Properties

The Microsoft O365 provider can retrieve user profile properties from SharePoint Online, Microsoft Graph, or both, depending on your configuration. Note the following:

  • If you fill in the SharePoint Online settings, the provider will pull properties from SharePoint Online.

  • If you fill in the Microsoft Graph settings, it will retrieve properties from Microsoft Graph.

  • If both are configured and a property exists in both sources but has different values, the SharePoint Online value takes precedence.

Procedure:

  1. In the SmartHub administration portal, click User Profile Providers.
  2. Click Configure.
  3. In the newly opened User Provider properties dialog, provide the following information:
    1. Provider type: Select Microsoft O365 from the drop-down menu.
    2. User Profile Cache Expiration (minutes): Specify the amount of time, in minutes, to cache your user properties.

    3. Expand the SharePoint Online settings and complete the following:

      1. Site Collection URL: Specify your SharePoint site collection URL.
      2. If Impersonate is not selected, enter the following:

        • Username: Specify a user who has the required permissions to retrieve the necessary user properties.

        • Password: Specify the user password.

      3. Account Name Claim Prefix: Specify the prefix that is used in claims-based authentication to identify the type and source of the user's account name. For example, i:0#.w| is a common prefix for claims from a Windows Active Directory account, indicating a claims-based user under a specific identity provider. Other prefixes, such as c:0o.c|federateddirectoryclaimprovider| or i:0#.f|membership|, are used for different scenarios, such as group memberships or Office 365 users. For more information, see Claims-based identity in SharePoint in the Microsoft documentation.

      4. Multi value delimiter: Specify the character that is used to delimit multi-value properties.

    4. Expand the Microsoft Graph Settings and complete the following:

      1. Directory (tenant) ID: Specify your Azure tenancy ID.

      2. Application (client) ID: Enter the Application ID as shown in the Azure Portal App Registration page for your application.

      3. Application (client) secret: Enter the client secret key of your Azure Application.

      4. User properties to request from the MS Graph: Enter a comma separated list of the user properties that will be retrieved from Microsoft Graph.
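The Account Name Claim Prefix setting above depends on SharePoint's claims-encoding format, and a prefix that does not match what the identity provider actually issues leaves profile lookups failing silently. The following added example (not SmartHub's own code) parses encoded account names into their parts using the format from Microsoft's claims-encoding reference, and only strips a prefix after confirming the value really carries it. The claim-type table is deliberately partial; the issuer letters for Windows, forms, trusted and claim providers and the sample values are the author's assumptions, constructed from the prefixes quoted in the setting's description.

```python
"""Decode SharePoint claims-encoded account names.

Added example, not SmartHub's own code. Assumed format (Microsoft's claims-encoding reference):
    <i|c>:0<claim type char><value type char><issuer char>|[<issuer name>|]<value>
'i' = identity claim, 'c' = any other claim, '0' is reserved. In "i:0#.w|" the '#' is the
claim type (user logon name), '.' the value type (string) and 'w' the original issuer (Windows).
"""
from dataclasses import dataclass

# Issuer types that carry no provider-name segment: the value follows the '|' directly.
ISSUERS_WITHOUT_NAME = {"w": "windows", "s": "securitytokenservice"}
# Issuer types followed by a provider-name segment, e.g. "f|membership|" or "c|federateddirectoryclaimprovider|".
ISSUERS_WITH_NAME = {"f": "forms", "t": "trustedprovider", "c": "claimprovider"}
# Partial table of claim-type characters; anything else is reported as unknown(<char>).
CLAIM_TYPES = {"#": "userlogonname", "-": "role", "+": "groupsid", "5": "emailaddress",
               "e": "upn", "!": "identityprovider"}
VALUE_TYPES = {".": "string"}


@dataclass(frozen=True)
class EncodedClaim:
    kind: str         # "identity" or "other"
    claim_type: str
    value_type: str
    issuer: str
    issuer_name: str  # empty for issuers without a name segment
    value: str
    prefix: str       # everything before the value: what the Account Name Claim Prefix setting holds


def parse_encoded_claim(encoded: str) -> EncodedClaim:
    """Split an encoded claim into its parts; raise ValueError if it does not follow the format."""
    if len(encoded) < 8 or encoded[1:3] != ":0" or encoded[6] != "|":
        raise ValueError(f"not a SharePoint encoded claim: {encoded!r}")
    kinds = {"i": "identity", "c": "other"}
    if encoded[0] not in kinds:
        raise ValueError(f"unknown claim kind {encoded[0]!r}")
    issuer_char = encoded[5]
    rest = encoded[7:]
    if issuer_char in ISSUERS_WITHOUT_NAME:
        issuer, issuer_name, value = ISSUERS_WITHOUT_NAME[issuer_char], "", rest
        prefix = encoded[:7]
    elif issuer_char in ISSUERS_WITH_NAME:
        issuer_name, sep, value = rest.partition("|")
        if not sep:
            raise ValueError(f"issuer {issuer_char!r} requires a provider-name segment: {encoded!r}")
        issuer = ISSUERS_WITH_NAME[issuer_char]
        prefix = encoded[:7] + issuer_name + "|"
    else:
        raise ValueError(f"unknown original issuer {issuer_char!r}")
    return EncodedClaim(
        kind=kinds[encoded[0]],
        claim_type=CLAIM_TYPES.get(encoded[3], f"unknown({encoded[3]})"),
        value_type=VALUE_TYPES.get(encoded[4], f"unknown({encoded[4]})"),
        issuer=issuer, issuer_name=issuer_name, value=value, prefix=prefix,
    )


def account_name_from_claim(encoded: str, configured_prefix: str):
    """Return the bare account name only when the claim's prefix matches the configured one.

    Parsing first (instead of a blind str.removeprefix) means a value issued by a different
    provider, or one that is not an encoded claim at all, is rejected rather than passed through.
    """
    try:
        claim = parse_encoded_claim(encoded)
    except ValueError:
        return None
    if claim.prefix.lower() != configured_prefix.lower():
        return None
    return claim.value


if __name__ == "__main__":
    # Constructed sample values; the provider names are the ones quoted in the setting's description.
    for sample in ("i:0#.w|CONTOSO\\jdoe", "i:0#.f|membership|jdoe",
                   "c:0o.c|federateddirectoryclaimprovider|00000000-0000-0000-0000-000000000000"):
        print(parse_encoded_claim(sample))
    print(account_name_from_claim("i:0#.w|CONTOSO\\jdoe", "i:0#.w|"))
```

Running the block prints the decoded parts of the three sample prefixes and the bare Windows account name; feeding it a value captured from your own identity provider shows which prefix string the setting needs.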

Microsoft O365: User Picture Provider Properties

Note: This dialogue does NOT provide an Impersonate option.

Procedure:

  1. From the Administration menu select User Picture Providers > Configure.
  2. The User Provider Properties dialogue appears. There is NO Impersonate option in this dialogue.
  3. Application (client) ID: The "Application ID" as shown in the Azure Portal App Registration page for your application.

  4. Directory (tenant) ID: Specify your Azure tenancy ID.

  5. Application (client) secret: Enter a client secret.

How to Specify the Required Permissions in Azure

Procedure:

  1. Log in to your Azure portal as an administrator: https://portal.azure.com.
  2. Go to Azure Active Directory > App registrations.
  3. If you previously registered an app to talk to SharePoint Online, find that app.
    1. If there is no such app, click New registration to register the new app.

  4. Enter the App information:
    • Name: Enter a name for the app, for example SmartHub user profile provider app.
    • Supported account types: Determines who can use the application or use the API.
    • Redirect URI: Enter your SmartHub URL such as https://search.company.com.

  5. Click Your app > API permissions > Add a permission > Select an API/Microsoft APIs > Microsoft Graph.
  6. Select the following Application permissions (your user interface may vary):
    1. User.Read.All: Read all users' full profiles
  7. Click Add permissions.
  8. You return to the App > API permissions page. Unless you are a tenant administrator, you will see a caution message at the top of the page stating that Administrator consent must be given before some or all API permissions are activated.
    1. API permissions without granted consent state this under the STATUS heading in the table in the center of the page.
  9. Click the Grant Admin consent for [Organization Name] button under the Grant consent heading on the same page.
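The Microsoft Graph settings (Directory ID, Application ID, client secret, property list) and the User.Read.All application permission granted above fit together as one client-credentials exchange. The following added example (not SmartHub's or Microsoft's code) constructs the token request and the Graph user lookup those settings imply, normalises the comma separated property list, and reads the roles claim of an app-only token to confirm that admin consent actually produced User.Read.All. It assumes the Microsoft identity platform v2.0 token endpoint and the Graph v1.0 users endpoint; no request is sent, the tenant, client and secret values are placeholders, and the sample token is constructed and unsigned.

```python
"""Build the Microsoft Graph requests implied by the Microsoft Graph provider settings,
and check an app-only token for the User.Read.All application permission.

Added example, not SmartHub's or Microsoft's code. It assumes the Microsoft identity
platform v2.0 client-credentials flow and the Graph v1.0 users endpoint. Nothing is sent:
the functions only construct the messages so they can be inspected offline.
Tenant, client and secret values are placeholders, not real identifiers.
"""
import base64
import json
import re
from urllib.parse import quote, urlencode

LOGIN_BASE = "https://login.microsoftonline.com"
GRAPH_BASE = "https://graph.microsoft.com/v1.0"
REQUIRED_APP_ROLE = "User.Read.All"   # the Application permission the procedure grants


def build_token_request(tenant_id: str, client_id: str, client_secret: str) -> dict:
    """Client-credentials token request built from the Directory ID, Application ID and secret."""
    return {
        "method": "POST",
        "url": f"{LOGIN_BASE}/{tenant_id}/oauth2/v2.0/token",
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        # .default requests the application permissions already consented on the registration.
        "body": urlencode({
            "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default",
            "grant_type": "client_credentials",
        }),
    }


def parse_property_list(setting: str) -> list:
    """Normalise the comma separated 'User properties to request from the MS Graph' setting."""
    props = [p.strip() for p in setting.split(",") if p.strip()]
    for p in props:
        if not re.fullmatch(r"[A-Za-z0-9_]+", p):
            raise ValueError(f"invalid property name: {p!r}")
    return list(dict.fromkeys(props))   # drop duplicates, keep order


def build_user_request(access_token: str, user_principal_name: str, properties: list) -> dict:
    """GET /users/{upn}?$select=... asking only for the configured properties."""
    if not properties:
        raise ValueError("no properties configured")
    return {
        "method": "GET",
        "url": f"{GRAPH_BASE}/users/{quote(user_principal_name, safe='')}?$select={','.join(properties)}",
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


def app_roles_in_token(access_token: str) -> set:
    """Read the 'roles' claim from a JWT payload.

    Inspection only: the signature is not verified here, so use this to confirm that
    admin consent produced the expected role, not to make an authorisation decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("roles", []))


def has_required_permission(access_token: str) -> bool:
    """True when the token carries User.Read.All; False means consent is missing or not yet granted."""
    return REQUIRED_APP_ROLE in app_roles_in_token(access_token)


def constructed_token(claims: dict) -> str:
    """Build an unsigned JWT for offline demonstration (constructed sample, not issued by Azure AD)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "constructed-signature"])


if __name__ == "__main__":
    req = build_token_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "SECRET-PLACEHOLDER")
    print(req["url"])
    props = parse_property_list("displayName, mail, jobTitle, department")
    print(build_user_request("TOKEN-PLACEHOLDER", "jdoe@contoso.example", props)["url"])
    print(has_required_permission(constructed_token({"roles": ["User.Read.All"]})))   # True
    print(has_required_permission(constructed_token({"roles": []})))                  # False
```

When the caution about missing administrator consent is still showing, a real token from this flow will come back without the role in its roles claim, which is exactly what `has_required_permission` reports as False; the property list check rejects anything that is not a plain Graph property name, so a mistyped setting fails at configuration time rather than as a Graph error at lookup time.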

How to Configure User Provider Properties for SharePoint 2013/2016/19 and SharePoint Online

SharePoint 2016/19/SPSE: User Profile Provider Properties

  1. Url:
    1. Enter the URL of the SharePoint 2013/2016/19/SPSE site that will be used for querying.
  2. Username:
    1. Enter the user name for the account that should be used during search.
    2. Leave this empty if you plan to impersonate the logged in user from SmartHub.
  3. Password:
    1. Enter the password for the account.
  4. Impersonate:
    1. Click to execute search as the user logged into SmartHub.
    2. These results are security trimmed for each logged in user.
  5. Audience Url:
    1. Specify the internal website URL of the SharePoint 2013/2016/19 site that will be used for querying.
  6. Registered Issuer Name:
    1. Specify the Registered Issuer Name of the Security Token Issuer created for the High Trust App.
  7. App Client ID:
    1. Specify the Client ID of the High Trust App registered in SharePoint.
  8. Tenant Authentication Realm:
    1. Specify the Authentication Realm GUID of the 2013/2016/19/SPSE SharePoint farm.
  9. Certificate path:
    1. Specify the relative path to the location where the certificate (.pfx) is stored.
    2. The path must start with a tilde followed by a forward slash (~/).
  10. Certificate pass:
    1. Specify the password for the certificate.
  11. NameID Claim name:
    1. Specify the name of the claim that contains the SID of the user.
    2. This is required to impersonate the current user during searches.
  12. NameID Provider (optional):
    1. Enter the type of the NameID claim value.
  13. Account Name Claim Prefix:
    1. Identify claims encoded with the default value.
  14. Multi value delimiter:
    1. Specify a character that will be used to delimit multi-value properties.

Note: When you are using Azure Active Directory for authentication, the NameID Claim name value is onprem_sid.

SharePoint 2016/19: User Picture Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Username:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  3. Password:
    1. Enter the user password.

How to Configure User Profile and Picture Provider Properties for Active Directory

Active Directory: User Profile Provider Properties

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. LDAP Configuration URL:
    1. Enter your LDAP URL.
    2. For example, ldap://DC=contoso, DC=com
  3. LDAP User:
    1. Enter the name of the user who has the permissions that are required to retrieve the necessary user properties.
  4. LDAP Password:
    1. Enter the user password.

Active Directory: User Picture Provider Properties

Use the same properties as above, plus the following:

  • Photo Property in AD:
    • The photo property as defined in Active Directory.

For more information see SharePoint 2010/2013: Claims Encoding.

How to Configure User Provider and Provider Properties for Azure Active Directory

Azure Active Directory: User Picture Provider Properties

Credentials used to access the Azure Active Directory and retrieve user photos.

  1. User Profile Cache Expiration (minutes):
    1. Enter the number of caching minutes here.
  2. Azure app ID:
    1. Enter the ID of your Azure app.
  3. Azure tenant:
    1. Enter the name of the tenant.
  4. Azure secret key:
    1. Enter the secret key defined in Azure.

The minimum permissions needed for fetching the user picture are as follows:

  1. Select Application permissions - User.Read.All: Read all users' full profiles

User Picture Provider General Settings

You can use different source systems for User Profile Providers and User Picture Providers.

To configure your user picture provider, use the following steps:

  1. Go to the Federator admin UI and click User Picture Settings > Configure.
  2. The User Picture Configuration page appears.
  3. Application (client) ID: This is the Azure AD "Application ID" as shown in the Azure Portal App Registration page for your application.
  4. Directory (tenant) ID: Specify your Azure tenancy ID.
  5. Application (client) secret: Enter the client secret key.

For the User Picture Provider to work, the User Profile Provider must also be configured, except in the case of Azure Active Directory.

To change the default placeholder, change the value UserPicturePlaceHolder in the web.config file.