Default project template for Azure Active Directory
A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.
Detailed information about this topic
Project template for Azure Active Directory tenants
The project template uses mappings for the following schema types.
Table 48: Azure Active Directory schema type mapping
DirectoryRole |
AADDirectoryRole |
Group |
AADGroup |
LicenseAssignments |
AADUserHasSubSku |
GroupLicenseAssignments |
AADGroupHasSubSku |
Organization |
AADOrganization |
ServicePlanInfo |
AADServicePlan |
SubscribedSku |
AADSubSku |
User |
AADUser |
VerifiedDomain |
AADVerifiedDomain |
Application |
AADApplication |
AppRole |
AADAppRole |
AppRoleAssignment |
AADAppRoleAssignment |
ServicePrincipal |
AADServicePrincipal |
ActivityBasedTimeoutPolicy |
AADActivityBasedTimeoutPolicy |
HomeRealmDiscoveryPolicy |
AADHomeRealmDiscoveryPolicy |
TokenIssuancePolicy |
AADTokenIssuancePolicy |
TokenLifetimePolicy |
AADTokenLifetimePolicy |
Project template for Azure Active Directory B2C tenants
The project template uses mappings for the following schema types.
Table 49: Azure Active Directory schema type mapping
ActivityBasedTimeoutPolicy |
AADActivityBasedTimeoutPolicy |
Application |
AADApplication |
AppRole |
AADAppRole |
AppRoleAssignment |
AADAppRoleAssignment |
DirectoryRole |
AADDirectoryRole |
Group |
AADGroup |
GroupLicenseAssignments |
AADGroupHasSubSku |
HomeRealmDiscoveryPolicy |
AADHomeRealmDiscoveryPolicy |
Organization |
AADOrganization |
ServicePrincipal |
AADServicePrincipal |
TokenIssuancePolicy |
AADTokenIssuancePolicy |
TokenLifetimePolicy |
AADTokenLifetimePolicy |
User |
AADUser |
VerifiedDomain |
AADVerifiedDomain |
Editing Azure Active Directory system objects
The following table describes permitted editing methods of Azure Active Directory schema types and names restrictions required by system object processing.
Table 50: Methods available for editing schema types
Subscriptions (SubscribedSku) |
Yes |
No |
No |
No |
Administrator roles (DirectoryRole) |
Yes |
No |
No |
Yes |
User accounts (User) |
Yes |
Yes |
Yes |
Yes |
Service plans (ServicePlanInfo) |
Yes |
No |
No |
No |
Domains (VerifiedDomain) |
Yes |
No |
No |
No |
Groups (Group) |
Yes |
Yes |
Yes |
Yes |
License assignments to user accounts (LicenseAssignments) |
Yes |
Yes |
Yes |
Yes |
License assignments to groups (GroupLicenseAssignments) |
Yes |
No |
No |
No |
Tenants (Organization) |
Yes |
No |
No |
Yes |
Applications (Application) |
Yes |
No |
No |
Yes |
Service principle (ServicePrincipal) |
Yes |
No |
No |
Yes |
App roles (AppRole) |
Yes |
No |
No |
No |
Assignments to app roles (AppRoleAssignment) |
Yes |
Yes |
Yes |
Yes |
Policies on activity-based timeout (ActivityBasedTimeoutPolicy) |
Yes |
No |
No |
No |
Policies on home realm discovery (HomeRealmDiscoveryPolicy) |
Yes |
No |
No |
No |
Policies on token issuance (TokenIssuancePolicy) |
Yes |
No |
No |
No |
Policies on token lifetime (TokenLifetimePolicy) |
Yes |
No |
No |
No |
Classifications (AADGroupClassificationLbl) |
Yes |
No |
No |
No |