You can use the Active Roles Web Interface to disable a user for logon to Azure. This allows you to disable a previously enabled user in Azure AD while retaining all the Azure settings that were configured for the user. The Azure AD user settings are retained for a disabled account. Hence you can re-enable a disabled user again without having to reconfigure the user.
To disable a previously enabled user for Azure
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
-
Click the specific domain, container or the Organizational Unit, and then the specific user that you want to disable.
-
In the Command pane, click Disable.
The account is disabled and marked with a disabled icon.
If you want to enable a previously disabled Azure AD user, see Enabling an Azure AD user.
Active Roles Web Interface allows you to enable a previously disabled user in Azure AD while retaining all the Azure settings that were configured for the user. The Azure AD user settings are retained for a disabled account. Hence you can re-enable a disabled user again without having to reconfigure the user.
To enable a previously disabled user for Azure
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
-
Click the specific domain, container or the Organizational Unit, and then the specific user that you want to disable.
-
To enable a disabled account, select the disabled account and in the Command pane click Enable.
NOTE: The Enable command only appears for a disabled account.
The account is enabled again.
If you want to disable a previously enabled Azure AD user, see Disabling an Azure AD user.
Active Roles provides the ability to deprovision rather than delete or only disable users. Deprovisioning a user refers to a set of actions that are performed by Active Roles in order to prevent the user from logging on to the network and accessing network resources such as the user’s mailbox or home folder.
The Deprovision command on a user updates the account as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.
To deprovision a user for Azure
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
-
Select the user, and in the Command pane, click Deprovision.
A message is displayed prompting you to confirm the account deprovision.
-
Click Yes, to continue.
Wait while Active Roles updates the user.
After the task is completed, a message is displayed that the account is deprovisioned successfully from Active Roles.
If you want to undo the deprovisioning of an Azure AD user, see Undo deprovisioning of an Azure AD user.
To undo deprovision of a user for Azure
-
On the Active Roles Web Interface navigation bar, click Directory Management.
-
On the Views tab in the Browse pane, click Active Directory.
The list of Active Directory domains is displayed.
-
Select the user, and in the Command pane, click Undo Deprovisioning.
The Password Options dialog is displayed.
-
Select the option to Leave the Password unchanged or Reset the password, and click OK.
If you want to deprovision an Azure AD user, see Deprovisioning of an Azure AD user.
