For an existing Azure AD user, you can use the Active Roles Web Interface to view or update the properties.
To view or modify the Azure AD user properties
On the Views tab in the Browse pane, click Azure Configuration -> Azure Tenants.
The list of existing Azure AD tenants are displayed.
Select the check box corresponding to the specific Azure AD tenant for which, you want to view or modify the Azure properties.
In the Command pane, click Azure properties.
The Azure Properties wizard for the Azure AD tenant is displayed.
Use the fields in the Azure Properties wizard to view or modify the password or description of the Azure AD tenant.
|
NOTE:
|
1. Azure Properties - Read-Only is one such difference.
2. When Sync. & Federated Identity is selected it enables the user to create Azure User even when AAD Connect is enabled.
3. The attributes are Sync'ed using AAD Connect in Sync. & Federated Identity
For an existing Azure AD user, you can use the Active Roles Web Interface to modify the Azure AD user Manager.
To view or modify the Azure AD user properties
The list of Active Directory domains is displayed.
The General Properties dialog box for the user is displayed.
The newly added Manager name is displayed in the Manager field.
The Manager ID field in the Azure Properties wizard for the user is populated with the new Manager information.
|
NOTE: To verify the changes in Microsoft Azure, go to the Azure Portal and view the Manger ID information for the specific user in the Work Info tab. |
You can use the Active Roles Web Interface to disable a user for logon to Azure. This allows you to disable a previously enabled user in Azure AD while retaining all the Azure settings that were configured for the user. The Azure AD user settings are retained for a disabled account. Hence you can re-enable a disabled user again without having to reconfigure the user.
To disable or re-enable a previously enabled user for Azure
The list of Active Directory domains is displayed.
The account is disabled and marked with a disabled icon.
|
NOTE: The Enable command only appears for a disabled account. |
The account is enabled again.
Active Roles provides the ability to deprovision rather than delete or only disable users. Deprovisioning a user refers to a set of actions that are performed by Active Roles in order to prevent the user from logging on to the network and accessing network resources such as the user’s mailbox or home folder.
The Deprovision command on a user updates the account as prescribed by the deprovisioning policies. Active Roles comes with a default policy to automate some commonly-used deprovisioning tasks, and allows the administrator to configure and apply additional policies.
To deprovision a user for Azure
The list of Active Directory domains is displayed.
A message is displayed prompting you to confirm the account deprovision.
Wait while Active Roles updates the user.
After the task is completed, a message is displayed that the account is deprovisioned successfully from Active Roles.
To undo deprovision of a user for Azure
The list of Active Directory domains is displayed.
The Password Options dialog box is displayed.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy