サポートと今すぐチャット
サポートとのチャット

Identity Manager 9.3 - Administration Guide for Connecting to Microsoft Entra ID

Managing Microsoft Entra ID environments Synchronizing a Microsoft Entra ID environment
Setting up initial synchronization with a Microsoft Entra ID tenant Adjusting the synchronization configuration for Microsoft Entra ID environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Microsoft Entra ID user accounts and identities Managing memberships in Microsoft Entra ID groups Managing Microsoft Entra ID administrator roles assignments Managing Microsoft Entra ID subscription and Microsoft Entra ID service plan assignments
Displaying enabled and disabled Microsoft Entra ID service plans forMicrosoft Entra ID user accounts and Microsoft Entra ID groups Assigning Microsoft Entra ID subscriptions to Microsoft Entra ID user accounts Assigning disabled Microsoft Entra ID service plans to Microsoft Entra ID user accounts Inheriting Microsoft Entra ID subscriptions based on categories Inheritance of disabled Microsoft Entra ID service plans based on categories
Login credentials for Microsoft Entra ID user accounts Microsoft Entra ID role management
Microsoft Entra ID role management tenants Enabling new Microsoft Entra ID role management features Microsoft Entra ID role main data Main data of Microsoft Entra ID role settings Displaying Microsoft Entra ID role settings main data Assigning temporary access passes to Microsoft Entra ID user accounts Displaying Microsoft Entra ID scoped role assignments Displaying scoped role eligibilities for Microsoft Entra ID roles Overview of Microsoft Entra ID scoped role assignments Main data of Microsoft Entra ID scoped role assignments Managing Microsoft Entra ID scoped role assignments Adding Microsoft Entra ID scoped role assignments Editing Microsoft Entra ID scoped role assignments Deleting Microsoft Entra ID scoped role assignments Assigning Microsoft Entra ID scoped role assignments Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID user accounts Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID groups Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID service principals Assigning Microsoft Entra ID system roles to scopes through role assignments Assigning Microsoft Entra ID business roles to scopes though role assignments Assigning Microsoft Entra ID organizations to scopes through role assignments Overview of Microsoft Entra ID scoped role eligibilities Main data of Microsoft Entra ID scoped role eligibilities Managing Microsoft Entra ID scoped role eligibilities Adding Microsoft Entra ID scoped role eligibilities Editing Microsoft Entra ID scoped role eligibilities Deleting Microsoft Entra ID scoped role eligibilities Assigning Microsoft Entra ID scoped role eligibilities Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID user accounts Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID groups Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID service principals Assigning Microsoft Entra ID system roles to scopes through role eligibilities Assigning Microsoft Entra ID business roles to scopes though role eligibilities Assigning Microsoft Entra ID organizations to scopes through role eligibilities
Mapping Microsoft Entra ID objects in One Identity Manager
Microsoft Entra ID core directories Microsoft Entra ID user accounts Microsoft Entra ID user identities Microsoft Entra ID groups Microsoft Entra ID administrator roles Microsoft Entra ID administrative units Microsoft Entra ID subscriptions and Microsoft Entra ID service principals Disabled Microsoft Entra ID service plans Microsoft Entra ID app registrations and Microsoft Entra ID service principals Reports about Microsoft Entra ID objects Managing Microsoft Entra ID security attributes
Handling of Microsoft Entra ID objects in the Web Portal Recommendations for federations Basic data for managing a Microsoft Entra ID environment Troubleshooting Configuration parameters for managing a Microsoft Entra ID environment Default project template for Microsoft Entra ID Editing Microsoft Entra ID system objects Microsoft Entra ID connector settings

Default project template for Microsoft Entra ID

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

Detailed information about this topic

Project template for Microsoft Entra ID tenants

The project template uses mappings for the following schema types.

Table 53: Microsoft Entra ID schema type mapping

Schema type in Microsoft Entra ID

Table in the One Identity Manager Schema

DirectoryRole

AADDirectoryRole

Group

AADGroup

LicenseAssignments

AADUserHasSubSku

GroupLicenseAssignments

AADGroupHasSubSku

Organization

AADOrganization

ServicePlanInfo

AADServicePlan

SubscribedSku

AADSubSku

User

AADUser

VerifiedDomain

AADVerifiedDomain

Application

AADApplication

AppRole

AADAppRole

AppRoleAssignment

AADAppRoleAssignment

ServicePrincipal

AADServicePrincipal

ActivityBasedTimeoutPolicy

AADActivityBasedTimeoutPolicy

HomeRealmDiscoveryPolicy

AADHomeRealmDiscoveryPolicy

TokenIssuancePolicy

AADTokenIssuancePolicy

TokenLifetimePolicy

AADTokenLifetimePolicy

AdministrativeUnit

AADAdministrativeUnit

Project template for Microsoft Entra ID B2C tenants

The project template uses mappings for the following schema types.

Table 54: Microsoft Entra ID schema type mapping

Schema type in Microsoft Entra ID

Table in the One Identity Manager Schema

AdministrativeUnit

AADAdministrativeUnit

ActivityBasedTimeoutPolicy

AADActivityBasedTimeoutPolicy

Application

AADApplication

AppRole

AADAppRole

AppRoleAssignment

AADAppRoleAssignment

DirectoryRole

AADDirectoryRole

Group

AADGroup

GroupLicenseAssignments

AADGroupHasSubSku

HomeRealmDiscoveryPolicy

AADHomeRealmDiscoveryPolicy

Organization

AADOrganization

ServicePrincipal

AADServicePrincipal

TokenIssuancePolicy

AADTokenIssuancePolicy

TokenLifetimePolicy

AADTokenLifetimePolicy

User

AADUser

VerifiedDomain

AADVerifiedDomain

Editing Microsoft Entra ID system objects

The following table describes permitted editing methods of Microsoft Entra ID schema types and names restrictions required by system object processing.

Table 55: Methods available for editing schema types
Type Read Add Delete Refresh

Subscriptions (SubscribedSku)

Yes

No

No

No

Administrator roles (DirectoryRole)

Yes

No

No

Yes

User accounts (User)

Yes

Yes

Yes

Yes

Service plans (ServicePlanInfo)

Yes

No

No

No

Domains (VerifiedDomain)

Yes

No

No

No

Groups (Group)

Yes

Yes

Yes

Yes

License assignments to user accounts (LicenseAssignments)

Yes

Yes

Yes

Yes

License assignments to groups (GroupLicenseAssignments)

Yes

No

No

No

Tenants (Organization)

Yes

No

No

Yes

Applications (Application)

Yes

No

No

Yes

Service principals (ServicePrincipal)

Yes

No

No

Yes

App roles (AppRole)

Yes

No

No

No

Assignments to app roles (AppRoleAssignment)

Yes

Yes

Yes

Yes

Policies on activity-based timeout (ActivityBasedTimeoutPolicy)

Yes

No

No

No

Policies on home realm discovery (HomeRealmDiscoveryPolicy)

Yes

No

No

No

Policies on token issuance (TokenIssuancePolicy)

Yes

No

No

No

Policies on token lifetime (TokenLifetimePolicy)

Yes

No

No

No

Classifications (AADGroupClassificationLbl)

Yes

No

No

No

Administrative units (AdministrativeUnit)

Yes

Yes

Yes

Yes

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択