Project template for Azure Active Directory tenants
The project template uses mappings for the following schema types.
Table 52: Azure Active Directory schema type mapping
| DirectoryRole | AADDirectoryRole |
| Group | AADGroup |
| LicenseAssignments | AADUserHasSubSku |
| GroupLicenseAssignments | AADGroupHasSubSku |
| Organization | AADOrganization |
| ServicePlanInfo | AADServicePlan |
| SubscribedSku | AADSubSku |
| User | AADUser |
| VerifiedDomain | AADVerifiedDomain |
| Application | AADApplication |
| AppRole | AADAppRole |
| AppRoleAssignment | AADAppRoleAssignment |
| ServicePrincipal | AADServicePrincipal |
| ActivityBasedTimeoutPolicy | AADActivityBasedTimeoutPolicy |
| HomeRealmDiscoveryPolicy | AADHomeRealmDiscoveryPolicy |
| TokenIssuancePolicy | AADTokenIssuancePolicy |
| TokenLifetimePolicy | AADTokenLifetimePolicy |
| AdministrativeUnit | AADAdministrativeUnit |
Project template for Azure Active Directory B2C tenants
The project template uses mappings for the following schema types.
Table 53: Azure Active Directory schema type mapping
| AdministrativeUnit | AADAdministrativeUnit |
| ActivityBasedTimeoutPolicy | AADActivityBasedTimeoutPolicy |
| Application | AADApplication |
| AppRole | AADAppRole |
| AppRoleAssignment | AADAppRoleAssignment |
| DirectoryRole | AADDirectoryRole |
| Group | AADGroup |
| GroupLicenseAssignments | AADGroupHasSubSku |
| HomeRealmDiscoveryPolicy | AADHomeRealmDiscoveryPolicy |
| Organization | AADOrganization |
| ServicePrincipal | AADServicePrincipal |
| TokenIssuancePolicy | AADTokenIssuancePolicy |
| TokenLifetimePolicy | AADTokenLifetimePolicy |
| User | AADUser |
| VerifiedDomain | AADVerifiedDomain |
Editing Azure Active Directory system objects
The following table describes permitted editing methods of Azure Active Directory schema types and names restrictions required by system object processing.
Table 54: Methods available for editing schema types
| Subscriptions (SubscribedSku) | Yes | No | No | No |
| Administrator roles (DirectoryRole) | Yes | No | No | Yes |
| User accounts (User) | Yes | Yes | Yes | Yes |
| Service plans (ServicePlanInfo) | Yes | No | No | No |
| Domains (VerifiedDomain) | Yes | No | No | No |
| Groups (Group) | Yes | Yes | Yes | Yes |
| License assignments to user accounts (LicenseAssignments) | Yes | Yes | Yes | Yes |
| License assignments to groups (GroupLicenseAssignments) | Yes | No | No | No |
| Tenants (Organization) | Yes | No | No | Yes |
| Applications (Application) | Yes | No | No | Yes |
| Service principals (ServicePrincipal) | Yes | No | No | Yes |
| App roles (AppRole) | Yes | No | No | No |
| Assignments to app roles (AppRoleAssignment) | Yes | Yes | Yes | Yes |
| Policies on activity-based timeout (ActivityBasedTimeoutPolicy) | Yes | No | No | No |
| Policies on home realm discovery (HomeRealmDiscoveryPolicy) | Yes | No | No | No |
| Policies on token issuance (TokenIssuancePolicy) | Yes | No | No | No |
| Policies on token lifetime (TokenLifetimePolicy) | Yes | No | No | No |
| Classifications (AADGroupClassificationLbl) | Yes | No | No | No |
| Administrative units (AdministrativeUnit) | Yes | Yes | Yes | Yes |
Azure Active Directory connector settings
The following settings are configured for the system connection with the Azure Active Directory connector.
Table 55: Azure Active Directory connector settings
| Client ID | Application ID that was generated during integration of One Identity Manager as an Azure Active Directory tenant application. Variable: CP_ClientID |
| Login domain | Base domain or a verified domain of your Azure Active Directory tenant. Variable: CP_OrganizationDomain |
| User name | User account name for logging in on Azure Active Directory if you have integrated One Identity Manager as a local system client application in the Azure Active Directory tenant. Variable: CP_Username |
| Password | The user account's password. Variable: CP_Password |
| Key | Key that was generated during registration of One Identity Manager as an Azure Active Directory web application of the tenant. Variable: CP_Secret |
| Organization ID | The Azure Active Directory tenant ID. Variable: OrganizationID |
| GuestInviteSendMail | Specifies whether the guest user invitation will be sent. Default: True. Variable: GuestInviteSendMail |
| GuestInviteLanguage | Language to use for sending the guest user invitation. Default: en-us. Variable: GuestInviteLanguage |
| GuestInviteCustomMessage | Personal welcome greeting for the guest user. Variable: GuestInviteCustomMessage |
| GuestInviteRedirectUrl | URL to reroute guest users after they have accepted the invitation and registered. Default: http://www.office.com. Variable: GuestInviteRedirectUrl |