I'll describe the search features in detail later in this article. While the document management server provides the core functions to manage documents, it does not provide some of the complex functionality associated with an enterprise document management system, such as object reuse, merging, and complex workflow. Complex document management functions such as these are generally not needed for most businesses that simply want to manage their information more easily. Users can easily integrate SPS into existing work processes with little or no change to these processes.
The Web portal interface provides a rich user interface to information and is accessible by pointing your Web browser to the workspace address. A workspace is a loose collection of information, documents, directories, and their associated indexes that the users can search and access. The Web portal is the first commercialized implementation of the Microsoft Digital Dashboard runtime.
Digital Dashboard technology allows a business to easily customize and extend not only the integration with SPS but also with the business's own applications to help create a single point of access for users. Web parts, formally called Nuggets, are the functional pieces of a Digital Dashboard implementation.
Businesses can also integrate business-specific Web parts to create a single point of access for a user. Figure 2 shows the default Web portal for an IT department's workspace.
While the Web portal provides a rich collection of Web parts to interact with the SPS, workspaces can also be accessed through Web Folders. Web Folders are supported on all versions of Windows, from Windows 95 on up. Web Folders can be mapped to the workspace by supplying the same workspace address as the Web portal. Users who use the Explorer Shell can map a Web Folder to the same workspace address as the Web portal. To use the Explorer view, users must first install the client-side piece.
The Explorer view provides all the Explorer functions that users are familiar with, including the ability to easily copy, move, and delete files and folders. Another great benefit of this interface is the amount of metadata SPS provides when you simply select a file, as you can see in Figure 3.
From the File menu, users can access most of the available document management functions. Figure 4 shows the options available from Microsoft Word Office extensions are available through the install program, while Office XP provides native integration with SPS. Before installing SPS on the server, consult the readme file, which includes a list of updates that should be installed prior to SPS installation.
After the server is installed, a wizard will help you set up the first workspace, Web portal, and Web Folder. That's it! SharePoint Portal Server is ready to use. During installation, SPS makes changes to the server's proxy settings. If the server does not access the Internet through a proxy server, then the proxy settings will need to be changed see the readme file or " Deploying Microsoft SharePoint Portal Server Across an Extranet ".
Administrators can manage server-level settings such as data file locations, proxy server settings, accounts for index crawling and propagation, external content indexing load settings, exchange account information for crawls, Lotus Notes crawl settings, and discussion settings. Access to these server-level settings is available from the server property pages, as you can see in Figure 5.
A single SharePoint Portal Server can support up to 15 workspaces, depending on the number of documents, external indexes, and hardware. The first workspace is created during the initial installation of the server. Any additional workspaces are created through MMC. An administrator creates additional workspaces with the New Workspace Wizard, which is accessible by right-clicking on the server name and selecting New Workspace.
The New Workspace Wizard creates the necessary files for the default Web portal and maps a Web Folder to the new workspace address.
The Microsoft implementation of workspaces creates a virtual server for each workgroup, allowing the workgroup to maintain its own content and settings. The workspace properties that are available from the workspace's property page include workspace contact name and e-mail address, top-level folder access security options, indexing information, log settings, subscription settings, and discussion settings. Generally in these scenarios, dedicated workspaces are created on dedicated servers which can crawl external content Web sites, file shares, other SPS workspaces and propagate the indexes back to the workgroup servers or a dedicated search server.
Larger systems will be able to balance the processing across multiple servers. SPS uses Integrated Windows authentication to control server access if the client supports it.
If not, SPS can be set up to use Basic authentication. Once authenticated, access to information is controlled through the use of roles. SPS currently supports three roles: coordinator, author, and reader. You cannot extend the roles nor create new ones in the current version. Here is a general description of the three roles: Coordinator Two levels of coordinators, workspace and folder, maintain and manage content. Folder coordinators maintain a folder's security list and directory structure for the folder.
Both workspace and folder coordinators can create, edit, and view information within their coordinator area. Author Authors are allowed to create, edit, and view documents that are contained in the folder for which they are the author. Authors can also create, edit, and delete folders. Groups or users assigned to this role can see unpublished changes to a document.
Reader Groups or users assigned to the reader role can only find and view published documents. Readers are unable to view changes to unpublished documents. Workspaces also maintain a security list that becomes the default list for new folders created directly under the workspace. A coordinator of the folder can make changes to the security list, editing the folder's coordinators, authors, and readers, using the Explorer Shell in Windows Coordinators cannot access management functions using other operating systems such as Windows NT or Windows The workspace creates a default security list at the top level.
Properties are inherited from the parents, so folders created within the workspace will be created with a security list that mirrors the workspace. The coordinator has the option to change the inherited security list. The default security list for the workspace is Reader everyone and Coordinator the user who created the workspace , as shown in Figure 8.
Figure 8 Workspace Security Settings Roles are generally assigned at the folder level; that is, each folder contains its own security list. Access control at the folder level allows for a group or user to have different roles based on the folder. For example, a member of the developers group might be an author in the Projects folder, but only a reader in the Policies folders. The developers group might not even have reader roles in the Project Management folders.
Role-based security makes the coordination of the workspaces very easy to manage. After creating the workspace, the administrator assigns a workspace user to act as coordinator. The new coordinator can now create a directory structure, assign users to roles, add external content to the indexes, and modify the workspace as needed.
System administrators are not needed for normal workspace coordination, relieving the need for the IT department to maintain intranets based on SPS. Choosing the type of folder that will contain your information is an important decision since folders within SPS determine the document management functionality available.
Folders can be created within the Web portal as you can see in Figure 9 or from the Explorer Shell. To create new folders within the Web portal you must navigate to the Document Library dashboard and select the Add Subfolder link.
Creating folders within the Explorer Shell is as simple as accessing the context menu with a right-click, then selecting New Folder. Accessing the folder properties allows a coordinator to set the folder type to Standard or Enhanced as well as setting other properties such as the security list and approval routing.
As I said earlier, security is set primarily at the folder level, which means all documents within a folder share the same access list as that of the folder. There is one exception: each document allows coordinators and authors to deny access to a list of users through its property page. Each document contained in SPS is associated with a document profile—a named collection of properties.
Documents are associated with one of many document profiles. Workspace coordinators can create custom profiles using a wizard that is accessed using Windows Explorer by navigating to the Add Document Profile application that is in the Web Folder mapped to the workspace. The application is located in the Management and Document Profile folders.
Figure 10 displays a custom profile. Using the Explorer Shell interface, a folder coordinator can set allowable document profiles as well as the default profile.
A document's associated profile is displayed whenever the document is saved, checked in, or published. This means that coordinators and authors can change the profile type and content whenever the profile is displayed.
Figure 10 Custom Document Profile While every document in SPS has a document profile and a security list associated with it, not every document has access to versioning, publishing, or approval routing. Only documents contained within an Enhanced folder have access to these document management functions which are automatically versioned documents. SPS supports major and minor versions. Major versions 1. Minor versions 1. SharePoint Portal Server maintains a complete copy for each version; therefore, a well-designed directory structure for Enhanced versus Standard folders is important to avoid maintaining versions on documents that may not need versioning.
SPS maintains and increments versions automatically. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Feedback will be sent to Microsoft: By pressing the submit button, your feedback will be used to improve Microsoft products and services. Privacy policy. OIDC 1. In SharePoint and prior versions, SharePoint Server supported three types of authentication methods:.
After registering, go to the Authentication tab and enable ID tokens , then select Save. Go to the API permissions tab and add email and profile permissions.
Go to the Token configuration tab and add email , groups and upn optional claims. Go to the Manifest tab, and manually change replyUrlsWithType. Then select Save. Therefore, there are two versions of OIDC discovery endpoints, respectively:. Replace TenantID with the Directory tenant ID saved in the third step mentioned above and connect to the endpoint through your browser.
Then, save the following information:. In this step, you will need to modify farm properties. Start the SharePoint Management Shell and run the following script:.
Start the SharePoint Management Shell and run the following script to create it:. By using the metadata endpoint provided from the OIDC identity provider, some of the configuration will be retrieved from the OIDC provider metadata endpoint directly, including:. Open the web application you just created and pick contoso. Open the web application you want to extend OIDC authentication to and pick contoso.
Filter the display with the web application that was extended and confirm that you see something like this:. Since OpenID Connect 1. Perform the following steps to set a certificate:. Run the following script to generate a self-signed certificate and add it to the SharePoint farm:.
Self-signed certificates are suitable only for test purposes. In production environments, we strongly recommend that you use certificates issued by a certificate authority instead. In this step, you create a team site collection with two administrators: One as a Windows administrator and one as a federated AAD administrator.
In the People Picker dialog, type the Windows administrator account, for example yvand. On the left, filter the list by selecting Organizations. Following is a sample output:. In the People Picker dialog, type the exact email value of the AAD administrator account, for example yvand contoso. On the left, filter the list by selecting contoso. Once the site collection is created, you should be able to sign-in to it using either the Windows or the federated site collection administrator account.
In OIDC authentication the People Picker does not validate the input, which can lead to misspellings or users accidentally choosing the wrong claim type. Now, customers can start to synchronize profiles into the SharePoint User Profile Application service from the identity provider used in the organization so that the newly created claim provider can work on the correct data set. There are two ways to synchronize user profiles into the SharePoint User Profile Application service:.
During the synchronization, the following three properties need to be provided to the User Profile Application service:. During the synchronization, you must pick which unique identity property in the source will be mapped to the SPS-ClaimID property in the User Profile Application service. The display name of this property is Claim User Identifier in the UX, and it can be customized to other display names by the administrator.
0コメント