Changing the user identifier settings may impact users with existing permissions.
Configure the user identifier using the Central Administration:
Navigate to the SharePoint Central Administration > Security > EntraCP Global configuration.
Locate the section Configuration for the user identifier to update those settings.
Click on Ok to save your changes.
Configure the user identifier using Powershell:
Add-Type-AssemblyName"Yvand.EntraCP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=65dc6b5903b51636"$config=[Yvand.EntraClaimsProvider.EntraCP]::GetConfiguration()$settings=$config.Settings# Show current settings for the user identifier$settings.ClaimTypes.UserIdentifierConfig# Update the properties for the user identifier$settings.ClaimTypes.UpdateUserIdentifier([Yvand.EntraClaimsProvider.Configuration.DirectoryObjectProperty]::MailNickname)$settings.ClaimTypes.UpdateIdentifierForGuestUsers([Yvand.EntraClaimsProvider.Configuration.DirectoryObjectProperty]::City)# Commit the changes$config.ApplySettings($settings,$true)
During the augmentation, EntraCP gets the group membership of a user from Entra ID, and sends it to SharePoint. This may happen when users sign-in, when using features such as Check permissions, or when processing OAuth2 requests.
Note
Augmentation works best when the group identifier is set to property Id (default setting).
Configure the augmentation using the Central Administration:
Navigate to the SharePoint Central Administration > Security > EntraCP Global configuration.
Locate the checkbox Enable augmentation in the section Configuration for the group identifier.
Click on Ok to save your changes.
Configure the augmentation using Powershell:
Add-Type-AssemblyName"Yvand.EntraCP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=65dc6b5903b51636"$config=[Yvand.EntraClaimsProvider.EntraCP]::GetConfiguration()$settings=$config.Settings# Show if augmentation is enabled$settings.EnableAugmentation# Disable the augmentation$settings.EnableAugmentation=$false# Commit the changes$config.ApplySettings($settings,$true)
Changing the group identifier settings may impact existing group permissions.
Configure the group identifier using the Central Administration:
Navigate to the SharePoint Central Administration > Security > EntraCP Global configuration.
Locate the section Configuration for the group identifier to update those settings.
Click on Ok to save your changes.
Configure the group identifier using Powershell:
Add-Type-AssemblyName"Yvand.EntraCP, Version=1.0.0.0, Culture=neutral, PublicKeyToken=65dc6b5903b51636"$config=[Yvand.EntraClaimsProvider.EntraCP]::GetConfiguration()$settings=$config.Settings# Show current settings for the group identifier$settings.ClaimTypes.GroupIdentifierConfig# Update the property for the group identifier$settings.ClaimTypes.UpdateGroupIdentifier([Yvand.EntraClaimsProvider.Configuration.DirectoryObjectProperty]::Id)# Commit the changes$config.ApplySettings($settings,$true)