To delete a Policy Object, you must first delete the links to the Policy Object (see Managing policy scope). Then, you can perform the deletion: Right-click the Policy Object and click Delete.
To delete a Policy Object, you must first delete the links to the Policy Object (see Managing policy scope). Then, you can perform the deletion: Right-click the Policy Object and click Delete.
To delete a Policy Object
In the console tree, under Configuration > Policies > Administration, locate and select the folder that contains the Policy Object you want to delete.
In the details pane, right-click the Policy Object, and then click Delete.
NOTE: Once a Policy Object is applied within Active Roles to determine policy settings in the directory, the Policy Object cannot be deleted. You can view a list of objects to which the Policy Object is applied: right-click the Policy Object, and click Policy Scope. If you need to delete the Policy Object, first remove all items from the list in the Active Roles Policy Scope dialog.
This section discusses how to configure policies of the following types, grouped by Policy Object category.
Policy Object category |
Policy type |
---|---|
Provisioning Policy Object |
|
Deprovisioning Policy Object |
|
Property Generation and Validation policies help you automate the configuration of directory object properties. Using this policy, you can:
Automatically generate default property values for new directory objects (for example, when creating new user accounts or groups).
Automatically check if the configured property values comply with the specified corporate policy rules.
To set up a policy, you can specify conditions that the property values must meet, and can also determine the default value for each property provisioned with the policy. For example, you can configure a policy to enforce a certain type of telephone number formatting in the contact information properties for your directory.
TIP: Consider the following when planning to configure a Property Generation and Validation policy:
To help you get started with configuring policy-based administration in your organization, Active Roles includes a set of built-in Policy Objects that offer provisioning and deprovisioning rules to the most typical administrative use cases. To find the built-in Policy Objects, navigate to the following node of the Active Roles Console:
Configuration > Policies > Administration > Builtin
If the directory of your organization contains cloud-only Azure objects (Azure users, guest users or contacts), then use the built-in Azure CloudOnly Policy - Default Rules to Generate Properties Policy Object to provision their default properties and accepted values.
NOTE: Policy Object settings specific to Azure cloud-only objects (such as cloud-only Azure users, guest users, or contacts) are available only if your Active Roles deployment is licensed for managing cloud-only Azure objects. Contact One Identity support for more information.
Also, Policy Objects specific to Azure cloud-only objects will work correctly only if an Azure tenant is already configured in the AD of the organization, and Active Roles is already set as a consented Azure application for that Azure tenant. For more information on these settings, see Configuring an Azure tenant and Active Roles as an Azure application.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center