지금 지원 담당자와 채팅
지원 담당자와 채팅

Active Roles 7.4.1 - Administration Guide

Introduction About Active Roles Getting Started Rule-based Administrative Views Role-based Administration
Access Templates as administrative roles Access Template management tasks Examples of use Deployment considerations Windows claims-based Access Rules
Rule-based AutoProvisioning and Deprovisioning
About Policy Objects Policy Object management tasks Policy configuration tasks
Property Generation and Validation User Logon Name Generation Group Membership AutoProvisioning E-mail Alias Generation Exchange Mailbox AutoProvisioning AutoProvisioning for SaaS products OneDrive Provisioning Home Folder AutoProvisioning Script Execution Office 365 License Management Office 365 Roles Management User Account Deprovisioning Office 365 Licenses Retention Group Membership Removal Exchange Mailbox Deprovisioning Home Folder Deprovisioning User Account Relocation User Account Permanent Deletion Group Object Deprovisioning Group Object Relocation Group Object Permanent Deletion Notification Distribution Report Distribution
Deployment considerations Checking for policy compliance Deprovisioning users or groups Restoring deprovisioned users or groups Container Deletion Prevention policy Picture management rules Policy extensions
Workflows
Understanding workflow Workflow activities overview Configuring a workflow
Creating a workflow definition Configuring workflow start conditions Configuring workflow parameters Adding activities to a workflow Configuring an Approval activity Configuring a Notification activity Configuring a Script activity Configuring an If-Else activity Configuring a Stop/Break activity Configuring an Add Report Section activity Configuring a Search activity Configuring CRUD activities Configuring a Save Object Properties activity Configuring a Modify Requested Changes activity Enabling or disabling an activity Enabling or disabling a workflow Using the initialization script
Example: Approval workflow E-mail based approval Automation workflow Activity extensions
Temporal Group Memberships Group Family Dynamic Groups Active Roles Reporting Management History
Understanding Management History Management History configuration Viewing change history
Workflow activity report sections Policy report items Active Roles internal policy report items
Examining user activity
Entitlement Profile Recycle Bin AD LDS Data Management One Identity Starling Management One Identity Starling Two-factor Authentication for Active Roles Managing One Identity Starling Connect Azure_Overview
Config ARS to Manage Hybrid AD Objects Managing Hybrid AD Users Office 365 roles management for hybrid environment users Managing Office 365 Contacts Managing Hybrid AD Groups Managing Azure O365 or Unified Groups
Managing Configuration of Active Roles
Connecting to the Administration Service Adding and removing managed domains Using unmanaged domains Evaluating product usage Creating and using virtual attributes Examining client sessions Monitoring performance Customizing the console Using Configuration Center Changing the Active Roles Admin account Enabling or disabling diagnostic logs Active Roles Log Viewer
SQL Server Replication Appendix A: Using regular expressions Appendix B: Administrative Template Appendix C: Communication ports Appendix D: Active Roles and supported Azure environments Appendix E: Enabling delegation for Federated Authentication

Office 365 Roles Management

Office 365 roles deployed in organizations ensure that the users have access to the resources according to the assigned roles at all times. Managing the Office 365 roles assigned to licensed users includes assigning appropriate roles to new users and modifying the roles assigned to existing users.

Applying the Office 365 Roles Management policy to a container enables the administrator to manage the Office 365 roles assignment for all the Azure AD users in that container. This ensures that all Azure AD users get the required privileges and access to all the relevant resources assigned as per the roles included immediately upon creation.

When configuring a policy of this category, you can specify the roles that can be assigned to the Azure AD user.

How this policy works

When Azure users are created in Active Directory, Active Roles enables you to assign the required Office 365 roles. The Office 365 Roles Management policy can be configured to assign the required Office 365 roles to new users, select the individual roles while assigning to the users, and configure conditions to assign roles to only the users who satisfy the required conditions. Active Roles relies on this policy to perform the Office 365 roles management automatically when an Azure AD user is created or modified.

Configuring the Office 365 Roles Management policy conditions

On the Policy Conditions page, you can set up policy conditions—criteria the policy uses to determine what objects can be controlled by the policy. If you specify no conditions, the policy affects any objects of the type you have selected on the previous page. Otherwise, it only affects the objects matching the conditions you specify using this page.

To configure a condition, click Add on the Policy Conditions page. This displays the Set Up Condition dialog box.

 

Figure 72: Set Up Condition page

In the Set Up Condition dialog box you can configure a condition which includes an object property (for example, City or Department), a requirement (for example, equals or begins with) and a value.

Click Property to display the Select Object Property dialog box where you can select the object property you want to include in the condition.

From the Operation list, select the requirement you want to apply to the selected property.

Click Configure Value, to compose the value for which you want to apply the selected requirement. The Configure Value dialog box is displayed, which enables you to set up the value.

To specify multiple conditions, click AND or OR to combine the conditions.

Click OK to save and close the Set Up Condition dialog box.

On the Policy Conditions page, select the required licenses from the Office 365 roles list and click Next. The Enforce Policy Page is displayed.

Figure 73: Enforce Policy page

On the Enforce Policy page, click Add to and use the Select Objects option to locate and select the objects on which you want to enforce the policy.

Click Next and then click Finish.

Steps for configuring an Office 365 Roles Management policy

To configure an Office 365 Roles Management policy

  1. On the Policy to Configure page, select Office 365 Roles Management, and then click Next.
  2. On the Object Type Selection page, click Select to choose the object type you want the policy to control.
  3. In the Policy Conditions dialog box, click Add to set up the policy condition for license assignment. The Set Up Condition dialog box is displayed.
  4. In the Set Up Condition dialog box, set up the required conditions and click OK, and then click Next. The Office 365 roles page is displayed.
  5. Select the required roles plans and click Next.

    The Enforce Policy dialog box, which enables you to specify the containers to which this policy object is to be applied is displayed.

  6. Click Add, and use the Select Objects to locate and select the objects on which you want to enforce the policy.
  7. Click Next, and then click Finish.
관련 문서