Guide: Synchronization of SharePoint permissions in MAIA

Last updated 13 days ago

To ensure maximum data security and integrity, MAIA uses strict logic when synchronizing content and permissions from your SharePoint environment. This guide explains how our system interprets permissions and how you can optimally configure your SharePoint sites.

Our security approach: "Security First"

When transferring access rights, MAIA follows the principle of verified access control. Specifically, this means:

  • No one sees more in MAIA than they are allowed to see in SharePoint.

  • When in doubt, MAIA synchronizes more restrictively to ensure that confidential information remains protected.

We support modern, transparent permission structures via Microsoft Entra ID (formerly Azure AD). We deliberately exclude outdated or non-transparent rules to minimize security risks.

Why are legacy permissions not synchronized?

Older SharePoint configurations often contain rule-based legacy permissions (e.g., blanket sharing with "Everyone except external users"). These rules are often not explicitly stored in the central directory (Entra ID) and are technically difficult to trace.

To avoid security gaps, MAIA ignores these implicit rules. Instead, we only synchronize direct user rights and group rights. This guarantees that permissions are never inferred by guesswork, but work exactly as you have explicitly defined them.

Supported configurations for synchronization

In order for your employees to access the relevant SharePoint content in MAIA, permissions must be explicitly assigned. MAIA supports the following two methods:

1. Access via Microsoft 365 groups (recommended)

This is the cleanest and easiest method to manage.

  • Administration: You maintain the members in a Microsoft 365 group in Entra ID (Azure AD).

  • Assignment: This group is added once to the SharePoint site.

  • Advantage: You only need to add new employees to the group – they will then automatically receive access in SharePoint and MAIA.

  • Link to administration: Microsoft Entra group management

2. Direct user assignment

Alternatively, permissions can be assigned directly at the individual level.

  • Procedure: The individual user is added by name in the permission settings of the SharePoint site.
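To check a site before relying on the synchronization, the following added example (not MAIA's own code) classifies a site's principals by their SharePoint Online claims login name and flags those that are not explicit user or Microsoft 365 group grants. It assumes you have exported the login names from the site's permission listing; the sample tenant and group IDs are constructed, and Entra security groups are flagged for review because this guide names only Microsoft 365 groups.

```python
import re

# SharePoint Online encodes the principal type in the claims login name.
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"

# (kind, explicit grant per this guide?, login-name pattern)
RULES = [
    ("direct_user", True,
     re.compile(r"^i:0#\.f\|membership\|[^|@\s]+@[^|@\s]+$")),
    ("m365_group", True,
     re.compile(rf"^c:0o\.c\|federateddirectoryclaimprovider\|{GUID}(_o)?$")),
    # Rule-based legacy claims: the guide states these are ignored.
    ("everyone_except_external", False,
     re.compile(rf"^c:0-\.f\|rolemanager\|spo-grid-all-users/{GUID}$")),
    ("everyone", False, re.compile(r"^c:0\(\.s\|true$")),
    # Assumption: not named in the guide, so flagged rather than trusted.
    ("security_group", False, re.compile(rf"^c:0t\.c\|tenant\|{GUID}$")),
]

def classify(login_name):
    """Return (kind, explicit). Anything unrecognized is treated as not explicit."""
    for kind, explicit, pattern in RULES:
        if pattern.match(login_name.strip()):
            return kind, explicit
    return "unrecognized", False

def audit(site_principals):
    """Split principals into explicit grants and entries to replace or review."""
    report = {"explicit": [], "needs_review": []}
    for login_name in site_principals:
        kind, explicit = classify(login_name)
        report["explicit" if explicit else "needs_review"].append((kind, login_name))
    return report

# Constructed sample input (placeholder tenant and group IDs).
SAMPLE = [
    "i:0#.f|membership|anna@contoso.example",
    "c:0o.c|federateddirectoryclaimprovider|11111111-2222-3333-4444-555555555555",
    "c:0-.f|rolemanager|spo-grid-all-users/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "c:0(.s|true",
    "c:0t.c|tenant|99999999-8888-7777-6666-555555555555",
]

if __name__ == "__main__":
    for bucket, entries in audit(SAMPLE).items():
        for kind, login_name in entries:
            print(f"{bucket:12} {kind:26} {login_name}")
```

Every entry under `needs_review` is a candidate for replacement with a Microsoft 365 group or a direct user assignment as described above.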

Instructions: How to add users or groups in SharePoint

To ensure that MAIA can apply the permissions correctly, please add users or Microsoft 365 groups directly in the SharePoint cloud (SharePoint Online):

  1. Open the SharePoint site to which access is to be granted.

  2. Click on the gear icon (settings) in the top right corner.

  3. Select Site Permissions from the menu.

  4. Click on the Add members button (or "Share site" depending on the view).

  5. Now enter the name of the Microsoft 365 group (recommended) or the individual user.

  6. Select the appropriate permission level (e.g., "Members" for editing rights or "Visitors" for read access).

  7. Click Add or Share.

Important note on synchronization time

Please note that changes to group memberships or direct permissions take some time to propagate through all Microsoft systems and then to MAIA.

After you have added a group or user, it can take up to 24 hours for these changes to be fully processed by MAIA and for the corresponding content to be visible to the user in MAIA.