- In the console tree, under Configuration | Policies | Administration, locate and select the folder that contains the Policy Object you want to delete.
- In the details pane, right-click the Policy Object, and then click Delete.
NOTE: Once a Policy Object is applied within Active Roles to determine policy settings in the directory, the Policy Object cannot be deleted. You can view a list of objects to which the Policy Object is applied: Right-click the Policy Object, and click Policy Scope. If you need to delete the Policy Object, first remove all items from the list in the Active Roles Policy Scope dialog box.
Policy Object category
|Office 365 and Azure Tenant Selection|
Deprovisioning Policy Object
A Property Generation and Validation policy automatically checks whether the configured property values comply with the specified corporate policy rules.
To set up a policy, you can specify conditions that the property values must meet, and can also determine the default value for each property provisioned with the policy. For example, you can configure a policy to enforce a certain type of telephone number formatting in the contact information properties for your directory.
TIP: Consider the following when planning to configure a Property Generation and Validation policy:
To help you get started with configuring policy-based administration in your organization, Active Roles includes a set of built-in Policy Objects that offer provisioning and deprovisioning rules for the most typical administrative use cases. To find the built-in Policy Objects, navigate to the following node of the Active Roles MMC console:
Configuration > Policies > Administration > Builtin
If the directory of your organization contains cloud-only Azure objects (Azure users, guest users or contacts), then use the built-in Azure CloudOnly Policy - Default Rules to Generate Properties Policy Object to provision their default properties and accepted values.
NOTE: Policy Object settings specific to Azure cloud-only objects (such as cloud-only Azure users, guest users, or contacts) are available only if your Active Roles deployment is licensed for managing cloud-only Azure objects. Contact One Identity support for more information.
Also, Policy Objects specific to Azure cloud-only objects will work correctly only if an Azure tenant is already configured in the AD of the organization, and Active Roles is already set as a consented Azure application for that Azure tenant. For more information on these settings, see Configuring a new Azure tenant and consenting Active Roles as an Azure application.
When you create or modify an object, Active Roles checks whether the property values satisfy the criteria defined in the policy. If they do not, Active Roles prevents the object from being created or modified.
In object creation wizards and properties dialog boxes, the properties that are controlled by the policy are displayed as hyperlinks. If you have a policy configured to populate a property with a certain value (generate the default value), the edit box for the property is unavailable for editing, as shown in the following figure.
Figure 29: Object creation
You can click a hyperlink to display the policy details.
With a policy configured to define a set of acceptable values for a given property, the Active Roles console provides a drop-down list to select a value when modifying that property. The user of the Active Roles console can choose an acceptable value from the list instead of having to type a value in the edit box. This feature is illustrated in the following figure: The Office box provides a list of acceptable values that are prescribed by policy.
Figure 30: Acceptable values for a policy
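The three behaviors described above (format criteria, a policy-generated default that cannot be edited, and a list of acceptable values) can be modeled in a few lines. This is an added example, not Active Roles code or its API: the `PropertyRule` structure, the `apply_policy` function, and the sample policy values are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class PropertyRule:
    """One rule of a modeled property generation and validation policy."""
    pattern: Optional[str] = None   # regex the whole value must match
    allowed: tuple = ()             # acceptable values (the console's drop-down list)
    default: Optional[str] = None   # policy-generated value, not editable by the operator

# Constructed sample policy; keys are standard AD attribute names.
POLICY = {
    "telephoneNumber": PropertyRule(pattern=r"\+1 \(\d{3}\) \d{3}-\d{4}"),
    "physicalDeliveryOfficeName": PropertyRule(allowed=("Boston", "London", "Tokyo")),
    "company": PropertyRule(default="Example Corp"),
}

def apply_policy(request, policy=POLICY):
    """Return (resulting properties, violations). Any violation means the
    create or modify operation is refused."""
    result, violations = dict(request), []
    for name, rule in policy.items():
        value = request.get(name)
        if rule.default is not None:
            # Generated property: the policy supplies the value; overrides are rejected.
            if value is not None and value != rule.default:
                violations.append(f"{name}: generated by policy, cannot be set to {value!r}")
            result[name] = rule.default
        elif value is None:
            continue  # this model checks only properties present in the request
        elif rule.allowed and value not in rule.allowed:
            violations.append(f"{name}: {value!r} is not an acceptable value")
        elif rule.pattern and not re.fullmatch(rule.pattern, value):
            violations.append(f"{name}: {value!r} does not match the required format")
    return result, violations

if __name__ == "__main__":
    for req in (
        {"telephoneNumber": "+1 (617) 555-0100", "physicalDeliveryOfficeName": "Boston"},
        {"telephoneNumber": "617-555-0100", "physicalDeliveryOfficeName": "Paris"},
    ):
        props, problems = apply_policy(req)
        print("REFUSED" if problems else "ACCEPTED", problems or props)
```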