지금 지원 담당자와 채팅

라이브 도움말 보기
등록 완료

로그인

가격 산정 요청

영업 담당자에게 문의

Identity Manager 8.1.4 - Administration Guide for Connecting to Azure Active Directory

콘텐츠 탐색

Managing Azure Active Directory environments

Architecture overview One Identity Manager users for managing an Azure Active Directory environment

Setting up synchronization with an Azure Active Directory tenant

Users and permissions for synchronizing with Azure Active Directory Integrating One Identity Manager as enterprise application in Azure Active Directory Setting up the synchronization server Creating a synchronization project for initial synchronization of an Azure Active Directory tenant Displaying synchronization results Customizing the synchronization configuration

Configuring synchronization with Azure Active Directory tenants Configuring synchronization of different Azure Active Directory tenants Updating schemas

Post-processing outstanding objects Configuring the provisioning of memberships Accelerating provisioning and single object synchronization Help for the analysis of synchronization issues Deactivating synchronization

Basic data for managing an Azure Active Directory environment

Account definitions for Azure Active Directory user accounts

Creating account definitions

Master data for an account definition

Creating manage levels

Master data for manage levels

Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning an account definition to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions to the IT Shop

Assigning account definitions to a target system Deleting account definitions

Password policies for Azure Active Directory user accounts

Predefined password policies Using password policies Editing password policies

General master data for password policies Policy settings Character classes for passwords

Custom scripts for password requirements

Script for checking passwords Script for generating a password

Password exclusion list Checking passwords Testing password generation

Initial password for new Azure Active Directory user accounts Email notifications about login data Target system managers Editing a server

Master data for a Job server Specifying server functions

Azure Active Directory core directories

Azure Active Directory tenant

General master data for Azure Active Directory tenants Information about local Active Directory Defining categories for the inheritance of entitlements How to edit a synchronization project

Azure Active Directory domains

Azure Active Directory user accounts

Linking user accounts to employees Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Editing master data for Azure Active Directory user accounts

General master data of Azure Active Directory user accounts Contact data for an Azure Active Directory user account Organizational data for an Azure Active Directory user account Information about the local Active Directory user account

Additional tasks for managing Azure Active Directory user accounts

The Azure Active Directory user accounts overview Changing the manage level of Azure Active Directory user accounts Assigning Azure Active Directory groups directly to Azure Active Directory user accounts Assigning Azure Active Directory administrator roles directly to Azure Active Directory user accounts Assigning Azure Active Directory subscriptions directly to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans directly to Azure Active Directory user accounts Assigning extended properties to Azure Active Directory user accounts

Automatic assignment of employees to Azure Active Directory user accounts

Editing search criteria for automatic employee assignment

Disabling Azure Active Directory user accounts Deleting and restoring Azure Active Directory user accounts

Azure Active Directory groups

Editing master data for Azure Active Directory groups

General master data for an Azure Active Directory group Information about local Active Directory groups

Assigning Azure Active Directory groups to Azure Active Directory user accounts

Assigning Azure Active Directory groups to departments, cost centers, and locations Assigning Azure Active Directory groups to business roles Assigning Azure Active Directory user accounts directly to Azure Active Directory groups Adding Azure Active Directory groups to system roles Adding Azure Active Directory groups to the IT Shop

Additional tasks for managing Azure Active Directory groups

The Azure Active Directory group overview Adding Azure Active Directory groups to Azure Active Directory groups Effectiveness of group memberships Azure Active Directory group inheritance based on categories Assigning owners to Azure Active Directory groups Assigning extended properties to Azure Active Directory groups

Deleting Azure Active Directory groups

Azure Active Directory administrator roles

Editing master data of Azure Active Directory administrator roles Assigning Azure Active Directory administrator roles to Azure Active Directory user accounts

Assigning Azure Active Directory administrator roles to departments, cost centers, and locations Assigning Azure Active Directory administrator roles to business roles Assigning Azure Active Directory user accounts directly to Azure Active Directory administrator roles Adding Azure Active Directory administrator roles to system roles Adding Azure Active Directory administrator roles in the IT Shop

Additional tasks for managing Azure Active Directory administrator roles

The Azure Active Directory administrator roles overview Azure Active Directory administrator role inheritance based on categories Assigning extended properties to Azure Active Directory administrator roles

Azure Active Directory subscriptions and service plans

Azure Active Directory subscriptions

Editing Azure Active Directory subscription master data Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts

Assigning Azure Active Directory subscriptions to departments, cost centers, and locations Assigning Azure Active Directory subscriptions to business roles Assigning Azure Active Directory user accounts directly to an Azure Active Directory subscription Adding Azure Active Directory subscriptions to system roles Adding Azure Active Directory subscriptions to the IT Shop

Additional tasks for managing Azure Active Directory subscriptions

The Azure Active Directory subscriptions overview Effectiveness of subscription assignments Inheriting Azure Active Directory subscriptions based on categories Assigning additional properties to an Azure Active Directory subscription

Disabled Azure Active Directory service plans

Editing master data of disabled Azure Active Directory service plans Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts

Assigning disabled Azure Active Directory service plans directly to departments, cost centers, and locations Assigning disabled Azure Active Directory service plans to business roles Assigning Azure Active Directory user accounts directly to Azure Active Directory service plans Adding disabled Azure Active Directory service plans to system roles Adding disabled Azure Active Directory service plans to the IT Shop

Additional tasks for managing disabled Azure Active Directory service plans

The disabled Azure Active Directory service plans overview Effectiveness of assignments of disabled service plans Inheritance of disabled Azure Active Directory service plans based on categories Assigning extended properties to disabled Azure Active Directory service plans

Reports about Azure Active Directory objects

Overview of all assignments

Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory

Effectiveness of subscription assignments

The procedure described under Effectiveness of group memberships can also be used for subscriptions. The effect of the assignments is mapped in the AADUserHasSubSku and AADBaseTreeHasSubSku tables through the XIsInEffect column.

Prerequisites

The QER | Structures | Inherite | GroupExclusion configuration parameter is set.
Mutually exclusive subscriptions belong to the same tenant.

To exclude subscriptions

Select the Azure Active Directory | Subscriptions category.
Select a subscription in the result list.
Select the Exclude subscriptions task.
In the Add assignments pane, assign the subscriptions that are mutually exclusive to the selected assignment.
- OR -

In the Remove assignments pane, delete the subscriptions that no longer exclude each other.
Save the changes.

Inheriting Azure Active Directory subscriptions based on categories

The procedure described under Azure Active Directory group inheritance based on categories can also be used for subscriptions.

To use inheritance through categories

Define the categories in the tenant.
Assign categories to user accounts through their master data.
Assign categories to subscriptions through their master data.

Related topics

Assigning additional properties to an Azure Active Directory subscription

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a subscription

Select the Azure Active Directory | Subscriptions category.
Select a subscription in the result list.
Select the Assign extended properties task.
In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.

To remove an assignment
- Select the extended property and double-click .
Save the changes.

For detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Disabled Azure Active Directory service plans

To prevent users from using individual service plans, so-called "disabled service plans" are mapped in One Identity Manager. Disabled service plans are created automatically in One Identity Manager after synchronization of the subscription. Disabled service plans are requested through the IT Shop or assigned to users through departments, cost centers, locations, business roles, or system roles.

관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택

© ALL RIGHTS RESERVED. 이용 약관 개인정보 보호정책 Cookie Preference Center