지금 지원 담당자와 채팅
지원 담당자와 채팅

Identity Manager 9.2.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and identities Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login credentials for Azure Active Directory user accounts Azure Active Directory role management
Azure Active Directory role management tenants Enabling new Azure Active Directory role management features Azure Active Directory role main data Displaying Azure Active Directory scoped role assignments Displaying scoped role eligibilities for Azure Active Directory roles Overview of Azure Active Directory scoped role assignments Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role assignments Adding Azure Active Directory scoped role assignments Editing Azure Active Directory scoped role assignments Deleting Azure Active Directory scoped role assignments Assigning Azure Active Directory scoped role assignments Assigning Azure Active Directory system roles to scopes through role assignments Assigning Azure Active Directory business roles to scopes though role assignments Assigning Azure Active Directory organizations to scopes through role assignments Overview of Azure Active Directory scoped role eligibilities Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role eligibilities Adding Azure Active Directory scoped role eligibilities Editing Azure Active Directory scoped role eligibilities Deleting Azure Active Directory scoped role eligibilities Assigning Azure Active Directory scoped role eligibilities Assigning Azure Active Directory system roles to scopes through role eligibilities Assigning Azure Active Directory business roles to scopes though role eligibilities Assigning Azure Active Directory organizations to scopes through role eligibilities
Mapping Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory administrative units Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Audit data for Azure Active Directory user accounts

The Audit tab shows the following information.

Table 35: Audit

Property

Description

Last non-interactive login

Time of the last user login in the directory with a non-interactive authentication method.

ID last non-interactive login

ID of the last non-interactive login.

Last interactive login

Time of the last user login in the directory with an interactive authentication method.

ID last interactive login

ID of the last interactive login.

Assigning extended properties to Azure Active Directory user accounts

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

For more information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

To specify extended properties for a user account

  1. In the Manager, select the Azure Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select Assign extended properties.

  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .

  5. Save the changes.

Disabling Azure Active Directory user accounts

The way you disable user accounts depends on how they are managed.

Scenario: The user accounts are linked to identities and are managed through account definitions.

User accounts managed through account definitions are disabled when the identity is temporarily or permanently disabled. The behavior depends on the user account manage level. Accounts with the Full managed manage level are disabled depending on the account definition settings. For user accounts with a manage level, configure the required behavior using the template in the AADUser.AccountDisabled column.

Scenario: The user accounts are linked to identities. No account definition is applied.

User accounts managed through user account definitions are disabled when the identity is temporarily or permanently disabled. The behavior depends on the QER | Person | TemporaryDeactivation configuration parameter

  • If the configuration parameter is set, the identity’s user accounts are disabled when the identity is permanently or temporarily disabled.

  • If the configuration parameter is not set, the identity’s properties do not have any effect on the associated user accounts.

To disable the user account when the configuration parameter is disabled

  1. In the Manager, select the Azure Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. On the General tab, set the Account is disabled option.

  5. Save the changes.
Scenario: The user accounts are not linked to identities.

To disable a user account that is no longer linked to an identity

  1. In the Manager, select the Azure Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Select the Change main data task.

  4. On the General tab, set the Account is disabled option.

  5. Save the changes.

For more information about deactivating and deleting identities and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

Related topics

Deleting and restoring Azure Active Directory user accounts

NOTE: As long as an account definition for an identity is valid, the identity retains the user account that was created by it. If the account definition assignment is removed, the user account that was created from this account definition, is deleted. User accounts marked as Outstanding are only deleted if the QER | Person | User | DeleteOptions | DeleteOutstanding configuration parameter is set.

In the Manager, you can delete a user account that was not created using an account definition in the result list or from the menu bar. After you have confirmed the security alert the user account is marked for deletion in the One Identity Manager. The user account is locked in One Identity Manager and permanently deleted from the One Identity Manager database and the target system depending on the deferred deletion setting.

For more information about deactivating and deleting identities and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

To delete a user account that is not managed using an account definition

  1. In the Manager, select the Azure Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Click in the result list.
  4. Confirm the security prompt with Yes.

To restore a user account

  1. In the Manager, select the Azure Active Directory > User accounts category.

  2. Select the user account in the result list.

  3. Click in the result list.

Related topics
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택