
Identity Manager 9.2.1 - Cloud Access Governance Administration Guide

Managing Azure Cloud System

The One Identity Manager CIM module for Azure Cloud System provides the ability to connect to an Azure Tenant, synchronize Azure objects to One Identity Manager, and provision Role Assignments for Security Principals. Identity and Access Governance processes such as attestation, IT Shop, or report subscriptions can be used for the Azure Tenant. The integration ensures strong governance.

Architecture overview

To access Azure Tenant data, the SCIM connector is installed on a synchronization server. The synchronization server ensures that the data is compared between the One Identity Manager database and Azure tenant. The SCIM connector uses the Starling Connect Azure Infrastructure Connector to synchronize the Azure objects to One Identity Manager. The Starling Connect Connector uses the Microsoft Azure REST API and accesses the Azure objects.

One Identity Manager users for managing Azure Cloud System

The following users are used in Azure Tenant administration.

Table 1: Users used in Azure Tenant system administration
Users Task
Target system administrators

Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role

  • Administer application roles for individual target system types
  • Specify the target system manager
  • Set up other application roles for target system managers if required
  • Specify which application roles are conflicting for target system managers
  • Authorize other identities to be target system administrators
  • Do not assume any administrative tasks within the target system
Target system managers

Target system managers must be assigned to Target systems | Azure Cloud Access Governance or a sub-application role.

Users with this application role

  • Assume administrative tasks for the target system
  • View target system objects

  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager
  • Edit the synchronization's target system types and outstanding objects
  • Authorize other identities within their area of responsibility as target system managers and create child application roles if required
One Identity Manager administrators
  • Create customized permissions groups for application roles for role-based login to administration tools in Designer as required
  • Create system users and permissions groups for non-role-based login to administration tools in Designer as required
  • Enable or disable additional configuration parameters in Designer as required
  • Create custom processes in Designer as required
  • Create and configure schedules as required
Administrators for the IT Shop

Administrators must be assigned to the Request & Fulfillment | IT Shop | Administrators application role.

Users with this application role

  • Assign to IT Shop structures
Product owner for the IT Shop

Product owners must be assigned to the Request & Fulfillment | IT Shop | Product owner application role or a child application role.

Users with this application role

  • Approve through requests
  • Edit service items and service categories under their management
Administrators for Organizations

Administrators must be assigned to the application role Identity Management | Organizations | Administrators.

Users with this application role

  • Assign to departments, cost centers and locations
Business roles administrators

Administrators must be assigned to the application role Identity Management | Business roles | Administrators.

Users with this application role

  • Assign to business roles

Setting up synchronization with Azure Cloud System

The following steps must be performed before setting up the Azure cloud system:
