Identity Manager 9.2 - Cloud Access Governance Administration Guide

Architecture overview One Identity Manager users for managing Azure Cloud System

Setting up synchronization with Azure Cloud System

Setting up the synchronization server Creating a synchronization project for initial synchronization of Azure Cloud System Display Synchronization Results Customizing synchronization configuration

Updating Schemas

Post-processing outstanding objects Help for the analysis of synchronization issues Deactivating synchronization

Basic Data for managing Azure Cloud System Azure Active Directory Tenant Managing Azure Cloud System Objects Role Assignment to Security Principals Default project template for Microsoft Azure Reports about Azure cloud system objects Troubleshooting

Managing Azure Cloud System

One Identity Manager CIM module for Azure Cloud System module provides the ability to connect to Azure Tenant and synchronize Azure objects to One Identity Manager and provision Role Assignments for Security Principals. Identity and Access Governance processes such as attesting, IT Shop, or report subscriptions can be used for Azure Tenant. The integration ensures a strong governance.

Architecture overview

To access Azure Tenant data, the SCIM connector is installed on a synchronization server. The synchronization server ensures that the data is compared between the One Identity Manager database and Azure tenant. The SCIM connector uses the Starling Connect Azure Infrastructure Connector to synchronize the Azure objects to One Identity Manager. The Starling Connect Connector uses the Microsoft Azure REST API and accesses the Azure objects.

One Identity Manager users for managing Azure Cloud System

The following users are used in Azure Tenant administration.

Table 1: Users used in Azure Tenant system administration
Users	Task
Target system administrators	Target system administrators must be assigned to the Target systems \| Administrators application role. Users with this application role Administrative application roles for individual target systems types Specify the target system manager Set up other application roles for target system managers if required Specify which application roles are conflicting for target system managers Authorize other identity to be target system administrators Do not assume any administrative tasks within the target system
Target system managers	Target system managers must be assigned to Target systems \| Azure Cloud Access Governance or a sub-application role. Users with this application role Assume administrative tasks for the target system View target system objects Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager Edit the synchronization's target system types and outstanding objects Authorize other identities within their area of responsibility as target system managers and create child application roles if required
One Identity Manager administrators	Create customized permissions groups for application roles for role-based login to administration tools in Designer as required Create system users and permissions groups for nonrole- based login to administration tools in Designer as required Enable or disable additional configuration parameters in Designer as required Create custom processes in Designer as required Create and configures schedules as required
Administrators for the IT Shop	Administrators must be assigned to the Request & Fulfillment \| IT Shop \| Administrators application role. Users with this application role Assign to IT Shop structures
Product owner for the IT Shop	Product owners must be assigned to the Request & Fulfillment \| IT Shop \| Product owner application role or a child application role. Users with this application role Approve through requests Edit service items and service categories under their management
Administrators for Organizations	Administrators must be assigned to the application role Identity Management \| Organizations \| Administrators. Users with this application role Assign to departments, cost centers and locations
Business roles administrators	Administrators must be assigned to the application role Identity Management \| Business roles \| Administrators. Users with this application role Assign to business roles

Setting up synchronization with Azure Cloud System

The following steps must be performed before setting up the Azure cloud system:

Azure Active Directory Tenant Synchronization project configured, and the data synchronized into OneIM (AAD Admin Guide)
Azure Infrastructure Connector configured on Starling (refer Starling Connect Administration Guide)

セルフ・サービス・ツール: ナレッジベース; 通知および警告; 製品別サポート; ソフトウェアのダウンロード; 技術文書; ユーザーフォーラム; ビデオチュートリアル; RSSフィード

お問い合わせ: ライセンスアシスタンスの取得; Technical Support; すべて表示

製品を選択してください:

サービス向上のために、「Purpose of your Chat（チャットの目的）」を記入してください。

お客様の不具合に推奨されるソリューション

Identity Manager 9.2 - Cloud Access Governance Administration Guide

Managing Azure Cloud System

Architecture overview

One Identity Manager users for managing Azure Cloud System

Setting up synchronization with Azure Cloud System