Chatta subito con l'assistenza
Chat con il supporto

Identity Manager 8.2.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory applications and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

General main data of Azure Active Directory groups

Enter the following data on the General tab.

Table 33: General main data
Property Description

Display name

The display name is used to display the group in the One Identity Manager tools user interface.

Tenant

The group's Azure Active Directory tenant.

Alias

Email alias for the group.

Email address

Group's email address

Proxy addresses

Other email addresses for the group. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400).

Use the following syntax to set up other proxy addresses:

Address type: new email address

Group type

The type of group. is empty for security and distribution groups. The value is Unified for Office 365 groups and For dynamic groups, the value entered is DynamicMembership.

Security group

Specifies whether this group is a security group. Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier.

Mail-enabled

Specifies whether the email is enabled for the group. If this option is set for a security group, it is a mail-enabled security group. Otherwise, it is a distribution group.

IT Shop

Specifies whether the group can be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. The group can still be assigned directly to hierarchical roles.

Only for use in IT Shop

Specifies whether the group can only be requested through the IT Shop. If this option is set, the group can be requested by the employees through the Web Portal and distributed with a defined approval process. Direct assignment of the group to hierarchical roles or user accounts is not permitted.

Service item

Service item data for requesting the group through the IT Shop.

Risk index

Value for evaluating the risk of assigning the group to user accounts. Set a value in the range 0 to 1. This input field is only visible if the QER | CalculateRiskIndex configuration parameter is activated.

For more information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

 Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Select one or more categories from the menu.

Description

Text field for additional explanation.

Read-only memberships

Specifies whether the memberships are read-only. The memberships are regulated by the target system. Manual changes to memberships in One Identity Manager are not permitted.

Related topics

Information about local Active Directory groups

The Federation tab shows information about the local Active Directory user account that is linked to the Azure Active Directory user account.

Assignments to Azure Active Directory groups that are synchronized with the local Active Directory are not allowed in One Identity Manager. These groups cannot be requested through the web portal. You can only manage these groups in your locally. For more information, see the Azure Active Directory documentation from Microsoft.

Table 34: Local Active Directory group data
Property Description

Synchronization with local Active Directory enabled

Specifies whether synchronization with a local Active Directory is enabled.

Last synchronization

Time of the last Azure Active Directory group synchronization with the local Active Directory.

SID of local group

Security ID of the local Active Directory group.

Related topics

Adding Azure Active Directory groups to Azure Active Directory groups

Use this task to add a group to another group. This means that the groups can be hierarchically structured.

To assign groups directly to a group as members

  1. In the Manager, select the Azure Active Directory > Groups category.

  2. Select the group in the result list.

  3. Select the Assign groups category.

  4. Select the Has members tab.

  5. Assign child groups in Add assignments.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.

To add a group as a member of other groups

  1. In the Manager, select the Azure Active Directory > Groups category.

  2. Select the group in the result list.

  3. Select the Assign groups task.

  4. Select the Is member of tab.

  5. In the Add assignments pane, assign parent groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  6. Save the changes.

Assigning owners to Azure Active Directory groups

A group owner can edit group properties.

To assign owners to a group

  1. In the Manager, select the Azure Active Directory > Groups category.

  2. Select the group in the result list.

  3. Select the Assign owner task.

  4. Select the table containing the owner from the Table menu at the top of the form. You have the following options:

    • Azure Active Directory user accounts

  5. In the Add assignments pane, assign owners.

    TIP: In the Remove assignments pane, you can remove assigned owners.

    To remove an assignment

    • Select the owner and double-click .

  6. Save the changes.
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione