Now imagine that, after previously having no real trouble synchronising these properties into SharePoint on-premises User Profiles in the past, they now want to synchronise the properties into Office 365 SharePoint Online User Profiles. It would be natural to assume that once ADFS and DirSync were correctly configured, it would be pretty basic to set up property mappings as needed. Unfortunately, things aren't quite so simple...
The short story is that only the following properties get synchronised (here I'm ignoring internal reference properties that end users won't care about):
| AD Attribute | User Profile Property |
|---|---|
| givenName | First Name |
| sn | Last Name |
| displayName | Name |
| telephoneNumber | Work Phone |
| department | Department |
| title | Title |
| title | Job Title |
| manager | Manager |
| wWWHomePage | Public Site Redirect |
| proxyAddresses | SIP Address |
| Work e-mail | |
| physicalDeliveryOfficeName | Office |
This is a good start but many organisations will want more (Mobile Number is the first one that comes to mind). Unfortunately, it just isn't possible in the current version of SharePoint Online. You can't add any more properties to be synchronised or even change the mappings for the properties that are already being synchronised. If you try to modify a User Profile Property through the Office 365 Admin UI, the relevant options are presented but not usable:
 |
| Here's a property which is already being synchronised through ADFS that I'd like to modify but there are no Source Data Connections or Attributes to select. |
 |
| Here's the not so helpful dropdown when I click on Source Data Connection. It looks like this UI has been left in SharePoint Online but has no function at this point in time. |
I've discussed this with a few people within Microsoft and the limitation has been acknowledged although it's not directly documented anywhere.
One key fact to remember in understanding the cause of this limitation is that the synchronisation is a two step process. First, the properties are synchronised from your on-premises domain up into the Office 365 domain using ADFS and DirSync (I'm no expert on this process and I've probably oversimplified it). This process allows the data to become available to the Exchange and Lync components of Office 365. The properties that are synchronised in this process are listed by Microsoft here, as far as I am aware this cannot be customised (but I'd welcome it if anyone can correct me here).
Secondly, the properties are synchronised from the cloud domain into SharePoint Online User Profiles using a synchronisation process which is completely internal and hidden from Office 365 tenancy administrators. The documentation here shows the default property mappings for this process for SharePoint 2010 which as far as I can tell applies to both on-premises and Office 365 instances of SharePoint. The key difference is that on-premises SharePoint provides a friendly interface for customising these mappings whereas SharePoint Online offers no UI or administrative capacity at all.
By combining the above documentation it's fairly simple to work out which properties make it all the way from start to finish. If you want more properties then you'll have to put together a completely custom process, but that's a topic for another post...
Note that all of this discussion is based on the 2010 (Wave 14) version of SharePoint Online, I haven't seen ADFS hooked up to a Wave 15 version yet so I'm not sure whether the situation will improve in the upcoming release of Office 365. I'd love to hear if anyone can shed some light on this!
Hi Martin,
ReplyDeleteI'm currently working on a Wave 15 Tenant and it seems (correct me if I'm wrong), that it is still not available to set mappings for user properties. The UI changed a little bit but the drop downs are still blank although we have ADFS connected. We work with a Enterprise (E3) Plan. Do you have any News on this? Thx in advance. Victor
Hi Victor,
DeleteUnfortunately you are correct - it is not supported to change the user profile mappings in a Wave 15 tenant, even where ADFS and DirSync have been applied.
However, I recently presented at some community events around Perth, Australia, regarding a customer engagement where OBS built a custom connector which achieved a completely configurable bidirectional connection between on-premises Active Directory and Office 365 for user profile property mappings. The approach was designed for an international organisation with 10,000s of users and it works for both Wave 14 and Wave 15 Office 365 tenancies.
Drop me a line at martin.harris[at]obs.com.au if you're interested to discuss this further.
HI Martin, can you provide any detail about this custom connector. Because we have tried using the userprofileservice.asmx to update the profile properties from the local AD to online, but were getting authorization issues. What method are you using?
DeleteJoran
Hi Joran,
DeleteIn our implementation we found that we could only update a user profile property using userprofileservice.asmx if we authenticated as the user owning the profile!
This is quite awkward but we got around the limitation by doing the update using JavaScript which was embedded in a page within the My Site Host site collection master page. This code runs under the authentication context of the user who loads the page, so each user's browser can perform the updates for us.
There is some more detail including some graphical data flows of our solution in my presentation deck available here: http://sharepointrepairjoint.blogspot.com.au/2013/02/perth-sharepoint-user-group.html
Nice, this is the same solution I was thinking about. MS SUpport would not provide use the "Manage profile" permission on the user profile service, so updating the profile can only be performed using the current user!
ReplyDeleteIs this solution availlable for download?
Kind regards, Joran
Hi Joran,
DeleteIt's not available for download at the moment but I'm working on it in the background, keep posted...
Hi Martin
ReplyDeleteJust reading your article (as redirected from my Office365 community post) and wondering if there is any further news on whether you have decided to make the solution available?
Cheers
Adam (From the Eastern side of Australia)
Hi Adam,
DeleteSorry, I haven't had time to make this solution a bit more generic and available for use... but I'd be open to discussing your requirements and how we could get something up and running. Contact me at martin.harris [at] obs.com.au and we can talk about getting a solution together.
Hey guys! I am facing exactly the same issue and worryingly enough, the last comment here is from 2013 ... Haven't MS upgraded that lacking feature in Sharepoint already? Can you please let me know if you know anything about it. Our company is 200+ people, big enough for someone to be sitting and imputing phone numbers manually I guess :/
ReplyDeleteHi Lyubomir,
DeleteAs far as I know, the ability to customise the mappings from Azure AD attributes into User Profile Properties still hasn't been brought into Office 365.
Hi Martin, Thank you for the response. That's a shame ... I really don't get the reason behind this, but yeah it's MS and their own product so nothing to do about it. I personally don't like the idea of "hacking" my way around it, so we are just going to stick to what we can use out of the box. Thanks, for your post though I found it quite useful!
DeleteI believe the recently released Azure AD which will eventually replace DirSync does allow some customizations but I haven't had a chance to look into this. If anyone can confirm, please let us know :)
ReplyDeleteJust to make sure I have this correct. My users that are all in O365 with their mobile number showing correctly. However, I create a people directory in SharePoint but the mobile numbers don't display, and this still is not supported?
ReplyDeleteHi Dodge,
DeleteI haven't checked this for a while, but I think you are correct. The new personal profile page is integrated within Delve and there may have been some changes as part of that.
Seems Microsoft has come around to a solution of their own : https://docs.microsoft.com/en-us/sharepoint/dev/solution-guidance/bulk-user-profile-update-api-for-sharepoint-online
ReplyDelete