Tchater maintenant avec le support

Obtenir une aide instantanée
Terminer l’enregistrement

Se connecter

Demander les tarifs

Contacter le service des ventes

Identity Manager 8.2 - Administration Guide for Connecting to Azure Active Directory

Parcourir le contenu

Managing Azure Active Directory environments

Architecture overview One Identity Manager users for managing an Azure Active Directory environment Configuration parameters for managing an Azure Active Directory environment

Synchronizing an Azure Active Directory environment

Setting up initial synchronization with an Azure Active Directory tenant

Registering an enterprise application for One Identity Manager in the Azure Active Directory tenant Users and permissions for synchronizing with Azure Active Directory Setting up the Azure Active Directory synchronization server

System requirements for the Azure Active Directory synchronization server Installing One Identity Manager Service with an Azure Active Directory connector

Creating a synchronization project for initial synchronization of an Azure Active Directory tenant

Information required for Azure Active Directory synchronization projects Creating an initial synchronization project for an Azure Active Directory tenant

Configuring the synchronization log

Adjusting the synchronization configuration for Azure Active Directory environments

Configuring synchronization with Azure Active Directory tenants Configuring synchronization of different Azure Active Directory tenants Customizing synchronization projects to invite guest users Supporting custom Azure Active Directory extensions Changing system connection settings of Azure Active Directory tenants

Editing connection parameters in the variable set Editing target system connection properties

Updating schemas Speeding up synchronization Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Deactivating synchronization Displaying synchronization results Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing Azure Active Directory user accounts through account definitions

Troubleshooting Ignoring data error in synchronization

Managing Azure Active Directory user accounts and employees

Account definitions for Azure Active Directory user accounts

Creating account definitions Editing account definitions Main data for an account definition Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to Azure Active Directory tenants Deleting account definitions

Assigning employees automatically to Azure Active Directory user accounts

Editing search criteria for automatic employee assignment Finding employees and directly assigning them to user accounts Changing manage levels for Azure Active Directory user accounts

Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Specifying deferred deletion for Azure Active Directory user accounts

Managing memberships in Azure Active Directory groups

Assigning Azure Active Directory groups to Azure Active Directory user accounts

Prerequisites for indirect assignment of Azure Active Directory groups to Azure Active Directory user accounts Assigning Azure Active Directory groups to departments, cost centers and locations Assigning Azure Active Directory groups to business roles Adding Azure Active Directory groups to system roles Adding Azure Active Directory groups to the IT Shop Assigning Azure Active Directory user accounts directly to Azure Active Directory groups Assigning Azure Active Directory groups directly to Azure Active Directory user accounts

Effectiveness of group memberships Azure Active Directory group inheritance based on categories Overview of all assignments

Managing Azure Active Directory administrator roles assignments

Assigning Azure Active Directory administrator roles to Azure Active Directory user accounts

Prerequisites for indirect assignment of Azure Active Directory administration roles to Azure Active Directory user accounts Assigning Azure Active Directory administrator roles to departments, cost centers, and locations Assigning Azure Active Directory administrator roles to business roles Adding Azure Active Directory administrator roles to system roles Adding Azure Active Directory administrator roles in the IT Shop Assigning Azure Active Directory user accounts directly to Azure Active Directory administrator roles Assigning Azure Active Directory administrator roles directly to Azure Active Directory user accounts

Azure Active Directory administrator role inheritance based on categories

Managing Azure Active Directory subscription and Azure Active Directory service plan assignments

Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts

Prerequisites for indirect assignment of Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning Azure Active Directory subscriptions to departments, cost centers, and locations Assigning Azure Active Directory subscriptions to business roles Adding Azure Active Directory subscriptions to system roles Adding Azure Active Directory subscriptions to the IT Shop Assigning Azure Active Directory user account directly to Azure Active Directory subscriptions Assigning Azure Active Directory subscriptions directly to Azure Active Directory user accounts

Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts

Prerequisites for indirect assignment of disabled Azure Active Directory service plans to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans directly to departments, cost centers, and locations Assigning disabled Azure Active Directory service plans to business roles Adding disabled Azure Active Directory service plans to system roles Adding disabled Azure Active Directory service plans to the IT Shop Assigning Azure Active Directory user accounts directly to disabled Azure Active Directory service plans Assigning disabled Azure Active Directory service plans directly to Azure Active Directory user accounts

Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories

Login information for Azure Active Directory user accounts

Password policies for Azure Active Directory user accounts

Predefined password policies Using password policies Creating password policies Editing password policies General main data of password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Password exclusion list Checking passwords Testing password generation

Initial password for new Azure Active Directory user accounts Email notifications about login data

Mapping of Azure Active Directory objects in One Identity Manager

Azure Active Directory core directories

Azure Active Directory tenant

General main data of Azure Active Directory tenants Information about local Active Directory Defining categories for the inheritance of entitlements Editing the synchronization project for an Azure Active Directory tenant

Azure Active Directory domains Azure Active Directory policies for activity-based timeouts Azure Active Directory policies for home realm discovery Azure Active Directory policies for issuing tokens Azure Active Directory policies for token lifetime

Azure Active Directory user accounts

Creating and editing Azure Active Directory user accounts

General main data of Azure Active Directory user accounts Contact data for Azure Active Directory user accounts Information about the user profile for Azure Active Directory user accounts Organizational data for Azure Active Directory user accounts Information about the local Active Directory user account

Assigning extended properties to Azure Active Directory user accounts Disabling Azure Active Directory user accounts Deleting and restoring Azure Active Directory user accounts Displaying the Azure Active Directory user account overview Displaying Active Directory user accounts for Azure Active Directory user accounts

Azure Active Directory groups

Editing main data of Azure Active Directory groups

General main data of Azure Active Directory groups Information about local Active Directory groups

Adding Azure Active Directory groups to Azure Active Directory groups Assigning owners to Azure Active Directory groups Assigning extended properties to Azure Active Directory groups Deleting Azure Active Directory groups Displaying the Azure Active Directory group overview Displaying Active Directory groups for Azure Active Directory groups

Azure Active Directory administrator roles

Editing main data of Azure Active Directory administrator roles Assigning extended properties to Azure Active Directory administrator roles Displaying the Azure Active Directory administration role overview

Azure Active Directory subscriptions and Azure Active Directory service principals

Editing Azure Active Directory subscription main data Assigning additional properties to Azure Active Directory subscriptions Displaying the Azure Active Directory subscriptions and service plan overview

Disabled Azure Active Directory service plans

Editing main data of disabled Azure Active Directory service plans Assigning extended properties to disabled Azure Active Directory service plans Displaying the disabled Azure Active Directory service plan overview

Azure Active Directory applications and Azure Active Directory service principals

Displaying information about Azure Active Directory applications Assigning owners to Azure Active Directory applications Displaying Azure Active Directory applications Displaying information about Azure Active Directory service principals Assigning owner to Azure Active Directory service principals Editing authorizations for Azure Active Directory service principals Displaying Azure Active Directory service principal main data

Reports about Azure Active Directory objects

Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment

Target system managers for Azure Active Directory Job server for Azure Active Directory-specific process handling

General main data of Job servers Specifying server functions

Troubleshooting

Possible errors when synchronizing an Azure Active Directory tenant

Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Azure Active Directory policies for issuing tokens

You can use Azure Active Directory token issuance policies to specify SAML token properties for logging in. To provide an Azure Active Directory token issuance policy for an Azure Active Directory application, you assign the policy to the Azure Active Directory application. For more information, see the Azure Active Directory documentation from Microsoft.

Azure Active Directory token issuance policies are loaded into One Identity Manager during synchronization and cannot be changed.

To display information about an Azure Active Directory policy

In the Manager, select the Azure Active Directory > Tenants > <your tenant> > Policies > Token issuance policies category.
In the result list, select the Azure Active Directory policy.
Select one of the following tasks:
- Token issuance policy overview: This shows you an overview of the Azure Active Directory policy and its dependencies.
- Change main data: Shows the Azure Active Directory policy's main data. You cannot edit the main data.
  - Display name: The Azure Active Directory policy's display name.
  - Description: Description of the Azure Active Directory policy.
  - Definition: Definition of the Azure Active Directory in JSON format.
  - Tenant: Azure Active Directory tenant that owns the policy.
  - Default policy: Specifies whether this is the Azure Active Directory tenant's default policy.

Related topics

Displaying Azure Active Directory applications

Azure Active Directory policies for token lifetime

You can use Azure Active Directory token lifetime policies to specify the validity of token for logging in. To provide an Azure Active Directory token lifetime policy for an Azure Active Directory application, you assign the policy to the Azure Active Directory application. For more information, see the Azure Active Directory documentation from Microsoft.

Azure Active Directory token lifetime policies are loaded into One Identity Manager during synchronization and cannot be changed.

To display information about an Azure Active Directory policy

In the Manager, select the Azure Active Directory > Tenants > <your tenant> > Policies > Token lifetime policies category.
In the result list, select the Azure Active Directory policy.
Select one of the following tasks:
- Token lifetime policy overview: This shows you an overview of the Azure Active Directory policy and its dependencies.
- Change main data: Shows the Azure Active Directory policy's main data. You cannot edit the main data.
  - Display name: The Azure Active Directory policy's display name.
  - Description: Description of the Azure Active Directory policy.
  - Definition: Definition of the Azure Active Directory in JSON format.
  - Tenant: Azure Active Directory tenant that owns the policy.
  - Default policy: Specifies whether this is the Azure Active Directory tenant's default policy.

Related topics

Displaying Azure Active Directory applications

Azure Active Directory user accounts

You use One Identity Manager to manage user accounts in Azure Active Directory. The user requires a subscription to access the service plans in Azure Active Directory. Azure Active Directory user accounts obtain the required access permissions to the resources through membership in groups.

Related topics

Creating and editing Azure Active Directory user accounts

A user account can be linked to an employee in One Identity Manager. You can also manage user accounts separately from employees.

NOTE: It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the main data described in the following is mapped through templates from employee main data.

NOTE: If employees are to obtain their user accounts through account definitions, the employees must own a central user account and obtain their IT operating data through assignment to a primary department, a primary location, or a primary cost center.

TIP: You can combine the account definition for creating the user account and the subscription that will be used into one system role. In this way, the employee automatically obtains a user account and a subscription.

An employee can obtain this system role directly through departments, cost centers, locations, or business roles, or an IT Shop request.

To create a user account

In the Manager, select the Azure Active Directory > User accounts category.
Click in the result list.
On the main data form, edit the main data of the user account.
Save the changes.

To edit main data of a user account

In the Manager, select the Azure Active Directory > User accounts category.
Select the user account in the result list.
Select the Change main data task.
Edit the user account's resource data.
Save the changes.

To manually assign a user account for an employee

In the Manager, select the Employees > Employees category.
Select the employee in the result list.
Select the Assign Azure Active Directory user accounts task.
Assign a user account.
Save the changes.

Detailed information about this topic

Related topics

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation

© 2024 One Identity LLC. ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center