サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.1.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Default project template for Azure Active Directory

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Detailed information about this topic

Project template for Azure Active Directory tenants

The project template uses mappings for the following schema types.

Table 48: Azure Active Directory schema type mapping

Schema type in Azure Active Directory

Table in the One Identity Manager Schema

DirectoryRole

AADDirectoryRole

Group

AADGroup

LicenseAssignments

AADUserHasSubSku

GroupLicenseAssignments

AADGroupHasSubSku

Organization

AADOrganization

ServicePlanInfo

AADServicePlan

SubscribedSku

AADSubSku

User

AADUser

VerifiedDomain

AADVerifiedDomain

Application

AADApplication

AppRole

AADAppRole

AppRoleAssignment

AADAppRoleAssignment

ServicePrincipal

AADServicePrincipal

ActivityBasedTimeoutPolicy

AADActivityBasedTimeoutPolicy

HomeRealmDiscoveryPolicy

AADHomeRealmDiscoveryPolicy

TokenIssuancePolicy

AADTokenIssuancePolicy

TokenLifetimePolicy

AADTokenLifetimePolicy

Project template for Azure Active Directory B2C tenants

The project template uses mappings for the following schema types.

Table 49: Azure Active Directory schema type mapping

Schema type in Azure Active Directory

Table in the One Identity Manager Schema

ActivityBasedTimeoutPolicy

AADActivityBasedTimeoutPolicy

Application

AADApplication

AppRole

AADAppRole

AppRoleAssignment

AADAppRoleAssignment

DirectoryRole

AADDirectoryRole

Group

AADGroup

GroupLicenseAssignments

AADGroupHasSubSku

HomeRealmDiscoveryPolicy

AADHomeRealmDiscoveryPolicy

Organization

AADOrganization

ServicePrincipal

AADServicePrincipal

TokenIssuancePolicy

AADTokenIssuancePolicy

TokenLifetimePolicy

AADTokenLifetimePolicy

User

AADUser

VerifiedDomain

AADVerifiedDomain

Editing Azure Active Directory system objects

The following table describes permitted editing methods of Azure Active Directory schema types and names restrictions required by system object processing.

Table 50: Methods available for editing schema types
Type Read Add Delete Refresh

Subscriptions (SubscribedSku)

Yes

No

No

No

Administrator roles (DirectoryRole)

Yes

No

No

Yes

User accounts (User)

Yes

Yes

Yes

Yes

Service plans (ServicePlanInfo)

Yes

No

No

No

Domains (VerifiedDomain)

Yes

No

No

No

Groups (Group)

Yes

Yes

Yes

Yes

License assignments to user accounts (LicenseAssignments)

Yes

Yes

Yes

Yes

License assignments to groups (GroupLicenseAssignments)

Yes

No

No

No

Tenants (Organization)

Yes

No

No

Yes

Applications (Application)

Yes

No

No

Yes

Service principle (ServicePrincipal)

Yes

No

No

Yes

App roles (AppRole)

Yes

No

No

No

Assignments to app roles (AppRoleAssignment)

Yes

Yes

Yes

Yes

Policies on activity-based timeout (ActivityBasedTimeoutPolicy)

Yes

No

No

No

Policies on home realm discovery (HomeRealmDiscoveryPolicy)

Yes

No

No

No

Policies on token issuance (TokenIssuancePolicy)

Yes

No

No

No

Policies on token lifetime (TokenLifetimePolicy)

Yes

No

No

No

Classifications (AADGroupClassificationLbl)

Yes

No

No

No

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択