지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 8.2 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory applications and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Assigning Azure Active Directory administrator roles to Azure Active Directory user accounts

Azure Active Directory administrator roles can be assigned directly or indirectly to Azure Active Directory user accounts.

In the case of indirect assignment, employees and Azure Active Directory administrator roles are assigned to hierarchical roles, such as, departments, cost centers, locations, or business roles. The Azure Active Directory administrator roles assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to roles and that employee owns an Azure Active Directory user account, the Azure Active Directory user account is added to the Azure Active Directory administrator roles.

You can also request Azure Active Directory administration roles in the Web Portal. To do this, add employees to a shop as customers. All Azure Active Directory administrator roles assigned as products to this shop, can be requested by the customers. Requested Azure Active Directory administrator roles are assigned to the employees after approval is granted.

Through system roles, Azure Active Directory administrator roles can be grouped together and assigned to employees and workdesks as a package. You can create system roles that contain only Azure Active Directory administrator roles. You can also group any number of company resources into a system role.

To react quickly to special requests, you can assign Azure Active Directory administrator roles directly to Azure Active Directory user accounts.

For detailed information see the following guides:

Topic

Guide

Basic principles for assigning and inheriting company resources

One Identity Manager Identity Management Base Module Administration Guide

One Identity Manager Business Roles Administration Guide

Assigning company resources through IT Shop requests

One Identity Manager IT Shop Administration Guide

System roles

One Identity Manager System Roles Administration Guide

Detailed information about this topic

Prerequisites for indirect assignment of Azure Active Directory administration roles to Azure Active Directory user accounts

In the case of indirect assignment, employees and Azure Active Directory administrator roles are assigned to hierarchical roles, such as, departments, cost centers, locations, or business roles. When assigning Azure Active Directory administrator roles indirectly, check the following settings and modify them if necessary.

  1. Assignment of employees and Azure Active Directory administrator roles is permitted for role classes (departments, cost centers, locations, or business roles).

    For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.

    ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

  2. Settings for assigning Azure Active Directory administrator roles to Azure Active Directory user accounts.

    • The Azure Active Directory user account is linked to an employee.

    • The Azure Active Directory user account has the Administrator roles can be inherited option set.

NOTE: There are other configuration settings that play a role when company resources are inherited through departments, cost centers, locations, and business roles. For example, role inheritance might be blocked or inheritance of employees not allowed. For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning Azure Active Directory administrator roles to departments, cost centers, and locations

By assigning administrator roles to departments, cost centers, or locations, you enable the group to be assigned to user accounts through these organizations.

To assign an administrator role to departments, cost centers, or locations (non role-based login)

  1. In the Manager, select the Azure Active Directory > Administrator roles category.

  2. Select the administrator role in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign administrator roles to departments, cost centers or locations (role-based login)

  1. In the Manager, select the Organizations > Departments category.

    - OR -

    In the Manager, select the Organizations > Cost centers category.

    - OR -

    In the Manager, select the Organizations > Locations category.

  2. Select the department, cost center or location in the result list.

  3. Select the Assign Azure Active Directory administrator roles task.

  4. In the Add assignments pane, assign administrator roles.

    TIP: In the Remove assignments pane, you can remove assigned administrator roles.

    To remove an assignment

    • Select the administrator role and double-click .
  5. Save the changes.
Related topics

Assigning Azure Active Directory administrator roles to business roles

NOTE: This function is only available if the Business Roles Module is installed.

By assigning administrator roles to business roles, the administrator role can be assigned to user accounts through these business roles.

To assign an administrator role to business roles (non role-based login)

  1. In the Manager, select the Azure Active Directory > Administrator roles category.

  2. Select the administrator role in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign administrator roles to a business role (non role-based login)

  1. In the Manager, select the Business roles > <role class> category.

  2. Select the business role in the result list.

  3. Select the Assign Azure Active Directory administrator roles task.

  4. In the Add assignments pane, assign administrator roles.

    TIP: In the Remove assignments pane, you can remove assigned administrator roles.

    To remove an assignment

    • Select the administrator role and double-click .
  5. Save the changes.
Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택