Assigning Azure Active Directory administrator roles to departments, cost centers, and locations
By assigning administrator roles to departments, cost centers, or locations, you enable the group to be assigned to user accounts through these organizations.
To assign an administrator role to departments, cost centers, or locations (non role-based login)
- Select the Azure Active Directory | Administrator roles category.
- Select the administrator role in the result list.
- Select the Assign organizations task.
-
In the Add assignments pane, assign the organizations:
-
On the Departments tab, assign departments.
-
On the Locations tab, assign locations.
-
On the Cost centers tab, assign cost centers.
TIP: In the Remove assignments pane, you can remove assigned organizations.
To remove an assignment
- Select the organization and double-click .
- Save the changes.
To assign administrator roles to departments, cost centers or locations (role-based login)
- Select the Organizations | Departments category.
- OR -
Select the Organizations | Cost centers category.
- OR -
Select the Organizations | Locations category.
- Select the department, cost center or location in the result list.
- Select the Assign Azure Active Directory administrator roles task.
- In the Add assignments pane, assign administrator roles.
- OR -
In the Remove assignments pane, remove administrator roles.
- Save the changes.
Related topics
Assigning Azure Active Directory administrator roles to business roles
Installed modules: |
Business Roles Module |
By assigning administrator roles to business roles, the administrator role can be assigned to user accounts through these business roles.
To assign an administrator role to business roles (non role-based login)
- Select the Azure Active Directory | Administrator roles category.
- Select the administrator role in the result list.
- Select the Assign business roles task.
-
In the Add assignments pane, assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.
To remove an assignment
- Select the business role and double-click .
- Save the changes.
To assign administrator roles to a business role (non role-based login)
- Select the Business roles | <Role class> category.
- Select the business role in the result list.
- Select the Assign Azure Active Directory administrator roles task.
- In the Add assignments pane, assign administrator roles.
- OR -
In the Remove assignments pane, remove administrator roles.
- Save the changes.
Related topics
Assigning Azure Active Directory user accounts directly to Azure Active Directory administrator roles
Administrator roles can be assigned directly or indirectly to user accounts. Indirect assignment is carried out by allocating the employee and administrator roles in company structures, like departments, cost centers, locations, or business roles. If the employee has a user account in Azure Active Directory, the administrator roles in the role are inherited by this user account.
To react quickly to special requests, you can assign administrator roles directly to user accounts.
To assign a user account directly to an administrator role.
- Select the Azure Active Directory | Administrator roles category.
- Select the administrator role in the result list.
- Select the Assign user accounts task.
-
In Add assignments pane, assign user accounts.
TIP: In the Remove assignments pane, you can remove assigned user accounts.
To remove an assignment
- Select the user account and double-click .
- Save the changes.
Related topics
Adding Azure Active Directory administrator roles to system roles
Installed modules: |
System Roles Module |
Use this task to add an administrator role to system roles. When you assign a system role to an employee, the administrator roles are inherited by all user accounts that these employees have.
NOTE: Applications in which the Only use in IT Shop option is set can only be assigned to system roles that also have this option set. For more information, see the One Identity Manager System Roles Administration Guide.
To assign an administrator role to system roles
- Select the Azure Active Directory | Administrator roles category.
- Select the administrator role in the result list.
- Select the Assign system roles task.
-
In the Add assignments pane, assign system roles.
TIP: In the Remove assignments pane, you can remove assigned system roles.
To remove an assignment
- Select the system role and double-click .
- Save the changes.
Related topics