To view the Azure membership details of an cloud-only Azure user, you can use the Active Roles Web Interface.
Viewing cloud-only Azure user membership details
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Azure > <Azure tenant> > Azure Users.
The Azure Users page is displayed and lists the Azure users that are available in Azure.
-
In the Command pane, click Azure member of.
You can view the Azure group to which the cloud-only Azure user is associated.
To view the Change History and User Activity for a cloud-only Azure user, you can use the Active Roles Web Interface.
To view the Change History and User Activity of a cloud-only Azure user
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Azure > <Azure tenant> > Azure Users.
The Azure Users page is displayed and lists the Azure users that are available in Azure.
-
To view the history, select the Azure user.
-
In the Command pane, click Change History or User Activity.
Selecting Change History displays the information on changes that were made to the user through Active Roles.
To delete an Azure user , you can use the Active Roles Web Interface.
To delete an Azure user account
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Azure > <Azure tenant> > Azure Users.
The Azure Users page is displayed and lists the Azure users that are available in Azure.
-
Select the Azure user that you want to delete.
-
In the Command pane, click Delete.
A message prompts you to confirm the action.
-
Click Yes to continue.
The Azure user that are selected are deleted.
You can invite (or re-invite), modify and remove cloud-only Azure guest users in the Azure AD of your organization with the Active Roles Web Interface.
An Azure guest user is a type of cloud-only Azure user that is not part of the organization domain for which you configure it.
When you create a new cloud-only Azure user for your organization, you must:
-
Specify a User Principal Name (UPN) and password for the Azure user.
-
Select the organization domain where the Azure user will be located within the Azure tenant.
However, when you create an Azure guest user, no domains are assigned to the user within the Azure tenant. Instead, the procedure has the following main steps:
-
You specify the basic permissions of the guest user, along with an email address to which Active Roles will send an invitation.
-
Using the link in the invitation email, the guest user can gain the configured access with their account upon joining the organization.
-
Once the guest accepted the invitation, you can assign additional permissions (like roles, licenses, storage space, and so on) to the user, similarly to a regular cloud-only Azure user.
NOTE: Active Roles does not restrict the type of permissions that you can assign to Azure guest users. However, for security reasons, One Identity recommends that you assign only the rights and resources to guest users that external contractors typically receive in your organization.