Chat now with support
Chat with Support

Identity Manager 9.2 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and identities Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login credentials for Azure Active Directory user accounts Azure Active Directory role management Mapping Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory administrative units Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Configuring synchronization with Azure Active Directory tenants

The synchronization project for initial synchronization provides a workflow for initial loading of target system objects (initial synchronization) and one for provisioning object modifications from the One Identity Manager database to the target system (provisioning). To use One Identity Manager as the primary system during synchronization, you also require a workflow with synchronization in the direction of the Target system.

To create a synchronization configuration for synchronizing in Azure Active Directory tenants

  1. In the Synchronization Editor, open the synchronization project.

  2. Check whether the existing mappings can be used to synchronize into the target system. Create new maps if required.

  3. Create a new workflow with the workflow wizard.

    This creates a workflow with Target system as its direction of synchronization.

  4. Create a new start up configuration. Use the new workflow to do this.

  5. Save the changes.
  6. Run a consistency check.

Related topics

Configuring synchronization of different Azure Active Directory tenants

If you want to customize a synchronization project to synchronize another Azure Active Directory tenant, make sure that you use the same type of authentication on the application when registering it in the Azure Active Directory tenant.

Depending on how the One Identity Manager application is registered in the Azure Active Directory tenant, either a user account with sufficient permissions or the secret key is required. For more information, see Registering an enterprise application for One Identity Manager in the Azure Active Directory tenant.

To customize a synchronization project for synchronizing another Azure Active Directory tenant

  1. In the Synchronization Editor, open the synchronization project.

  1. Create a new base object for every other tenant.

    • Use the wizard to attach a base object.

    • In the wizard, select the Azure Active Directory connector.

    • Declare the connection parameters. The connection parameters are saved in a special variable set.

    A start up configuration is created that uses the newly created variable set.

  2. Change other elements of the synchronization configuration as required.

  3. Save the changes.
  4. Run a consistency check.

Related topics

Customizing synchronization projects to invite guest users

For more information about guest users in Azure Active Directory, see the Azure Active Directory documentation from Microsoft.

In One Identity Manager you can set up user account with the following user types:

  • Member: Normal Azure Active Directory user account.

  • Guest: User account for guest users. The Azure Active Directory connector creates a user account for guest users and ensures that an invitation is sent by email to the given email address.

To send guest user invitations, you must alter the variables in the synchronization project.

Variable

Description

GuestInviteSendMail

Specifies whether the guest user invitation will be sent.

Default: True

GuestInviteLanguage

Language to use for sending the guest user invitation.

Default: en-us

GuestInviteCustomMessage

Personal welcome greeting for the guest user.

GuestInviteRedirectUrl

URL to reroute guest users after they have accepted the invitation and registered.

Default: http://www.office.com

Related topics

Supporting custom Azure Active Directory extensions

In Azure Active Directory, you can add schema extensions for Azure Active Directory applications that are registered in the company. Schema extensions in Azure Active Directory have the format extension_<appId>_<propertyName>. For more information about schema extensions, see the Microsoft Graph API under https://docs.microsoft.com/en-us/graph/extensibility-overview.

The Azure Active Directory connector can read and write Azure Active Directory schema extensions.

To map and synchronize Azure Active Directory schema extensions in One Identity Manager

  1. Extend the One Identity Manager schema by the custom columns. Use the Schema Extension program to do this.

    For more information about extending the One Identity Manager schema, see the One Identity Manager Configuration Guide.

  2. Use the Synchronization Editor to update the target system schema in your synchronization project and the One Identity Manager connection's schema.

    For more information about updating schema in the Synchronization Editor, see the One Identity Manager Target System Synchronization Reference Guide.

  3. In the Synchronization Editor, extend the mappings in your synchronization project by the respective property mapping rules for schema extensions.

    For more information about editing property mapping rules in the Synchronization Editor, see the One Identity Manager Target System Synchronization Reference Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating