Converse agora com nosso suporte
Chat com o suporte

Identity Manager 8.2 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory applications and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Assigning Azure Active Directory groups to Azure Active Directory user accounts

Azure Active Directory groups can be assigned directly or indirectly to Azure Active Directory user accounts.

In the case of indirect assignment, employees and Azure Active Directory groups are assigned to hierarchical roles, such as departments, cost centers, locations, or business roles. The Azure Active Directory groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance. If you add an employee to roles and that employee owns an Azure Active Directory user account, the Azure Active Directory user account is added to the Azure Active Directory group.

Furthermore, Azure Active Directory groups can be requested through the Web Portal. To do this, add employees to a shop as customers. All Azure Active Directory groups are assigned to this shop can be requested by the customers. Requested Azure Active Directory groups are assigned to the employees after approval is granted.

Through system roles, Azure Active Directory groups can be grouped together and assigned to employees and workdesks as a package. You can create system roles that contain only Azure Active Directory groups. You can also group any number of company resources into a system role.

To react quickly to special requests, you can assign Azure Active Directory groups directly to Azure Active Directory user accounts.

For detailed information see the following guides:

Topic

Guide

Basic principles for assigning and inheriting company resources

One Identity Manager Identity Management Base Module Administration Guide

One Identity Manager Business Roles Administration Guide

Assigning company resources through IT Shop requests

One Identity Manager IT Shop Administration Guide

System roles

One Identity Manager System Roles Administration Guide

Detailed information about this topic

Prerequisites for indirect assignment of Azure Active Directory groups to Azure Active Directory user accounts

In the case of indirect assignment, employees, and Azure Active Directory groups are assigned to hierarchical roles, such as departments, cost centers, locations, or business roles. When assigning Azure Active Directory groups indirectly, check the following settings and modify them if necessary:

  1. Assignment of employees and Azure Active Directory groups is permitted for role classes (departments, cost centers, locations, or business roles).

    For more detailed information, see the One Identity Manager Identity Management Base Module Administration Guide.

    ClosedAllow assignments to role classes of departments, cost centers, locations, or roles

  2. Settings for assigning Azure Active Directory groups to Azure Active Directory user accounts.

    • The Azure Active Directory user account is linked to an employee.

    • The Azure Active Directory user account has the Groups can be inherited option set.

NOTE: There are other configuration settings that play a role when company resources are inherited through departments, cost centers, locations, and business roles. For example, role inheritance might be blocked or inheritance of employees not allowed. For more detailed information about the basic principles for assigning company resources, see the One Identity Manager Identity Management Base Module Administration Guide.

Related topics

Assigning Azure Active Directory groups to departments, cost centers and locations

Assign groups to departments, cost centers, or locations so that the group can be assigned to user accounts through these organizations.

This task is not available for dynamic groups.

To assign a group to departments, cost centers, or locations (non role-based login)

  1. In the Manager, select the Azure Active Directory > Groups category.

  2. Select the group in the result list.

  3. Select the Assign organizations task.

  4. In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  5. Save the changes.

To assign groups to a department, a cost center, or a location (non role-based login or role-based login)

  1. In the Manager, select the Organizations > Departments category.

    - OR -

    In the Manager, select the Organizations > Cost centers category.

    - OR -

    In the Manager, select the Organizations > Locations category.

  2. Select the department, cost center, or location in the result list.

  3. Select the Assign Azure Active Directory groups task.

  4. In the Add assignments pane, assign groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  5. Save the changes.
Related topics

Assigning Azure Active Directory groups to business roles

NOTE: This function is only available if the Business Roles Module is installed.

Assign the group to business roles so that the group is assigned to user accounts through these business roles.

This task is not available for dynamic groups.

To assign a group to a business role (non role-based login)

  1. In the Manager, select the Azure Active Directory > Groups category.

  2. Select the group in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign groups to a business role (non role-based login or role-based login)

  1. In the Manager, select the Business roles > <role class> category.

  2. Select the business role in the result list.

  3. Select the Assign Azure Active Directory groups task.

  4. In the Add assignments pane, assign the groups.

    TIP: In the Remove assignments pane, you can remove the assignment of groups.

    To remove an assignment

    • Select the group and double-click .

  5. Save the changes.
Related topics
Documentos relacionados

The document was helpful.

Selecione a classificação

I easily found the information I needed.

Selecione a classificação