Profile Management Solution (Flow)

Minimum SharePoint site permissions: Edit
Minimum SharePoint License: Microsoft Power Automate Free

Compliance Tracker 365 comes with an optional Power Automate Solution used to keep User Profiles up to date as people change roles and Active Directory groups.

The Profile Management solution checks that all profiles are up to date based on group membership, job titles, departments, and offices.

Enhanced security can also be applied as profiles are updated. This applies additional security to Log folders.

Each site needs to be enabled from the Management > Flow tab to be processed by the solution.

The solution needs to be deployed separately to Compliance Tracker 365. Once deployed and turned on, it will search for sites and process sites automatically ensuring the right people are always associated with the correct profiles. Disabled user accounts will be removed from profile terms.

Download the latest version of the Profile Management solution CTSGAddUpdateUserswchildflows_1_4_0_80_managed.zip.

It is recommended to create or use an existing service account to deploy and run the solution. This is to ensure password changes or account deactivations don’t impact the process. Make sure the account being used has a minimum of edit permissions (preferable add to the Owners group) to the target site collection(s) that have the Compliance Tracker 365 installed and it has a mailbox enabled.

Deploying Power Automate Solution

The following steps are to be performed with your selected account.

  1. Navigate to flow.microsoft.com or https://make.powerautomate.com/ (logging in, if needed)
  2. Navigate to Solutions at the bottom of the left navigation bar
    • If you see a button to Create a database select it and follow the prompts.
    • Refresh your page after Creating the database.
  3. Select Import at the top of the page.
  4. Select browse and choose the zip file named “CTSGAddUpdateUsers…”
  5. Click next, click next
  6. Upon reaching the page titled “Connections”, some or all of the required connections may require setting up. To do this:
    • Click new connection in each drop down. This will open a new tab
    • On the new tab, click create and then follow the sign in prompt.
    • Navigate back to the original tab and click refresh
  7. Once all connections have been set up, click import and wait 5-10 minutes. A green banner will notify you when this is finished. This should take around a minute.

If you see a warning, it’s likely the CT365 Processing Flow is tuned off. image To fix the issue, open the CT365 Profile Management solution and Turn on the CT365 Processing Flow. Next, Turn on the CT365 Master Flow image

Enable Profile Processing a site

  1. Navigate to the Compliance Tracker 365 management page accessible from the tool bar in Site Pages.
  2. Navigate to the Setup > Flows tab within the web part.
  3. Enabled the User Profile Flow option, select the schedule to process the site and add an support email address for notifications.
  4. If Profile Import uses properties, pre-import groups of uses into Compliance Tracker 365 to create account for properties to be available.

Enable Enhanced Security

  • Once Profile Processing is enabled, you’ll be able to turn on Enhanced Security.
  • Enhanced security permissions are be applied as profiles are processed.
  • To remove enhanced permissions, disable the option to delete unique log folder permissions.
  • For child sites that share terms and profiles, the option for Enhanced Security will only be available if the parent has Profile Processing enabled. If enabled on the parent, Enhanced Security can also be enabled on the child.

Make sure the account running the solution is added to the Owner group (or equivalent) to update profiles and apply permissions.