Like millions of organizations worldwide, you have deployed Office 365 for your organization. SharePoint Online has become the de facto collaboration platform for your users. The SharePoint User Profile Store serves as the primary repository for user profile information: it not only synchronizes profile information from Azure Active Directory but also allows saving custom profile properties that are not otherwise stored in Azure.
With SharePoint as the primary user profile repository, other line-of-business (LOB) applications may make use of this information in their own context. These applications need to reflect updated profile information and may also give the user the opportunity to update it. We have frequently observed use cases like this where synchronization of user profiles is needed.
The Problem
How can user profile information be synchronized seamlessly between an LOB application hosted in Amazon Web Services and SharePoint Online, while also meeting the following objectives?
- Display SharePoint Online user profile properties in the legacy application
- Reflect updates to user profiles made from other interfaces, such as Office 365 Delve, in the LOB application within a specified interval
- Update the primary User Profile Store in SharePoint Online with any changes the user makes in the custom/LOB application
- Make SharePoint Online user profile properties searchable from the LOB application
Synchronization is achieved between the LOB application in Amazon Web Services and SharePoint Online as follows.
An app (henceforth called the extender app) is created and deployed in Elastic Block Store (EBS) in Amazon Web Services. This extender app is responsible for profile data communication between the LOB application and SharePoint Online.
The extender app is also registered in the Azure AD tenant that hosts SharePoint Online. It is granted delegated permission to use the Microsoft Graph API to query any user's profile data from SharePoint Online for the following attributes:
- About me
- Skill sets
- Projects worked on
- Education
- Interests and hobbies
The extender app is granted the appropriate permission to execute Graph API queries. To update the SharePoint Online user profile store, the LOB application sends the update to the extender application through a custom REST endpoint, posting a JSON body with the profile updates. The extender application in turn uses the Graph API to update the profiles in the SharePoint Online user profile store.
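The custom REST endpoint is a write path into the corporate profile store, so the extender app should validate what the LOB application posts before it is forwarded. The following Python sketch is an added example, not code from the original article: it checks the body, allows only the five profile attributes listed above, and builds the Microsoft Graph `PATCH /users/{userPrincipalName}` request. The request shape (`userPrincipalName` plus a `profile` object), the `MAX_TEXT` cap and the demo values are assumptions; the Graph property names `aboutMe`, `skills`, `pastProjects`, `schools` and `interests` are the real user-resource properties that correspond to those five attributes.

```python
"""Validate profile-update requests from the LOB application and build the
Microsoft Graph PATCH that the extender app would send.

Added example; not the project's code. Assumes the LOB app posts JSON shaped as
{"userPrincipalName": "...", "profile": {"aboutMe": "...", "skills": [...], ...}}
(a constructed shape) and that the extender app already holds a delegated
Graph access token obtained through its Azure AD app registration.
"""
from __future__ import annotations

import json
import re

GRAPH_BASE = "https://graph.microsoft.com/v1.0"

# Allow-list: LOB field name -> (Microsoft Graph user property, expected JSON type).
# Only the five profile attributes the design exposes may be changed; anything else
# (mail, jobTitle, accountEnabled, ...) is rejected instead of being forwarded.
ALLOWED_FIELDS = {
    "aboutMe": ("aboutMe", str),
    "skills": ("skills", list),
    "pastProjects": ("pastProjects", list),
    "schools": ("schools", list),
    "interests": ("interests", list),
}

# The UPN ends up in the Graph URL path, so it must not contain '/', '?' or '#'.
UPN_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
MAX_TEXT = 4000  # constructed cap on free-text length


class InvalidUpdate(ValueError):
    """Raised when the posted body must not be forwarded to Graph."""


def validate_update(body) -> tuple[str, dict]:
    """Return (userPrincipalName, graph_patch) for a valid body; raise otherwise."""
    if not isinstance(body, dict):
        raise InvalidUpdate("body must be a JSON object")
    upn = body.get("userPrincipalName")
    if not isinstance(upn, str) or not UPN_RE.match(upn):
        raise InvalidUpdate("missing or malformed userPrincipalName")
    profile = body.get("profile")
    if not isinstance(profile, dict) or not profile:
        raise InvalidUpdate("profile must be a non-empty object")

    patch = {}
    for field, value in profile.items():
        if field not in ALLOWED_FIELDS:
            raise InvalidUpdate(f"property not allowed: {field}")
        graph_name, expected = ALLOWED_FIELDS[field]
        if not isinstance(value, expected):
            raise InvalidUpdate(f"{field} must be {expected.__name__}")
        if expected is list:
            if not all(isinstance(v, str) and len(v) <= MAX_TEXT for v in value):
                raise InvalidUpdate(f"{field} must be a list of short strings")
            value = [v.strip() for v in value if v.strip()]  # drop blank entries
        elif len(value) > MAX_TEXT:
            raise InvalidUpdate(f"{field} too long")
        patch[graph_name] = value
    return upn, patch


def build_graph_request(token: str, upn: str, patch: dict) -> dict:
    """Describe the PATCH /users/{upn} call; Graph updates the listed properties in place."""
    return {
        "method": "PATCH",
        "url": f"{GRAPH_BASE}/users/{upn}",
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"},
        "body": json.dumps(patch),
    }


def demo() -> dict:
    """Constructed sample update as the LOB app would post it."""
    sample = {"userPrincipalName": "alice@contoso.example",
              "profile": {"aboutMe": "Cloud security engineer",
                          "skills": ["Python", " IAM "]}}
    upn, patch = validate_update(sample)
    return build_graph_request("<token placeholder>", upn, patch)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the returned description would be sent with an HTTP client, and the endpoint itself should authenticate the calling LOB application so that only it can trigger writes through the extender app's delegated Graph permission.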
Now, one of the biggest challenges on the ground is that SharePoint Online does not publish or expose changes to its user profile data: no SharePoint Online API is available to detect changes in user profile information. A suggested approach, therefore, is to periodically retrieve all the profile information and save it in a storage location such as Amazon S3, then compare the profile information from two consecutive fetches and extract the differences, which indicate profile updates. To speed up the comparison, the Amazon ElastiCache service can be used. Only the updated profile information is then pushed back to the LOB application. A periodically running batch job is the preferred way to address this part.
This batch job is packaged in an app hosted in EBS in AWS and uses the Graph API to get the user profile information from SharePoint Online. Both apps mentioned above use the same Azure AD app registration details.
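The batch job's core is the comparison of two consecutive fetches. The following Python code is an added example, not the project's own, showing one way to do that: each user's watched attributes are normalized and reduced to a SHA-256 digest, the digests from the previous run (standing in for what the design keeps in ElastiCache) are compared with the fresh fetch, and only users whose digest changed, appeared or disappeared are reported. The two snapshots are constructed sample data in the shape of a Graph `/users` response with the watched properties selected; the digest-map layout and the `diff_snapshots` result format are assumptions.

```python
"""Detect user-profile changes between two periodic Graph fetches.

Added example; not the project's code. FETCH_1 and FETCH_2 are constructed
samples of two consecutive fetches; the "previous" digest map is a plain dict
standing in for the per-user digests the design would keep in ElastiCache.
"""
from __future__ import annotations

import hashlib
import json

# Graph user properties that correspond to the five synchronized attributes.
WATCHED = ("aboutMe", "skills", "pastProjects", "schools", "interests")


def normalize(profile: dict) -> dict:
    """Keep only the watched attributes; trim strings and sort list-valued ones
    so that whitespace or reordering in the source does not count as an update."""
    out = {}
    for key in WATCHED:
        value = profile.get(key)
        if isinstance(value, list):
            value = sorted(v.strip() for v in value if isinstance(v, str) and v.strip())
        elif isinstance(value, str):
            value = value.strip()
        out[key] = value
    return out


def digest(profile: dict) -> str:
    """Stable SHA-256 over the normalized attributes serialized as canonical JSON."""
    canon = json.dumps(normalize(profile), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def diff_snapshots(previous: dict, current_users: list) -> dict:
    """Compare stored digests with a fresh fetch.

    previous: {user id -> digest} kept after the last run
    current_users: profiles returned by Graph on this run
    Returns changed/added/removed users plus the new digest map, so the caller
    pushes only changed and added profiles to the LOB app, then stores "digests".
    """
    digests, changed, added = {}, [], []
    for user in current_users:
        uid = user["id"]
        d = digest(user)
        digests[uid] = d
        record = {**normalize(user), "id": uid}
        if uid not in previous:
            added.append(record)
        elif previous[uid] != d:
            changed.append(record)
    removed = sorted(set(previous) - set(digests))
    return {"changed": changed, "added": added, "removed": removed, "digests": digests}


# Constructed sample fetches (property names as Graph returns them).
FETCH_1 = [
    {"id": "u1", "aboutMe": "Cloud security", "skills": ["Python", "IAM"],
     "pastProjects": [], "schools": [], "interests": ["Hiking"]},
    {"id": "u2", "aboutMe": "Data", "skills": ["SQL"],
     "pastProjects": ["Warehouse"], "schools": ["Example University"], "interests": []},
]
FETCH_2 = [
    # u1: skills reordered only, so no update should be reported
    {"id": "u1", "aboutMe": "Cloud security", "skills": ["IAM", "Python"],
     "pastProjects": [], "schools": [], "interests": ["Hiking"]},
    # u2: "About me" edited (for example in Delve) between the two runs
    {"id": "u2", "aboutMe": "Data engineering", "skills": ["SQL"],
     "pastProjects": ["Warehouse"], "schools": ["Example University"], "interests": []},
    # u3: new user who appeared since the last run
    {"id": "u3", "aboutMe": "", "skills": [], "pastProjects": [], "schools": [], "interests": []},
]


def run_demo() -> dict:
    """Simulate two batch runs: the first seeds the digest map, the second diffs against it."""
    first = diff_snapshots({}, FETCH_1)
    return diff_snapshots(first["digests"], FETCH_2)


if __name__ == "__main__":
    result = run_demo()
    print("changed:", [u["id"] for u in result["changed"]])
    print("added:", [u["id"] for u in result["added"]])
    print("removed:", result["removed"])
```

Because the job compares digests rather than timestamps, an update that the extender app itself wrote to SharePoint Online will show up as a change on the next run unless the extender app also refreshes the stored digest for that user after a successful Graph PATCH; keeping both apps on the same digest map avoids echoing the LOB application's own edits back to it.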