
Identity Manager 8.1.4 - Administration Guide for Connecting to Azure Active Directory


Deleting Azure Active Directory groups

To delete a group

  1. Select the Azure Active Directory | Groups category.
  2. Select the group in the result list.
  3. Delete the group using .
  4. Confirm the security prompt with Yes.

The group is deleted completely from the One Identity Manager database and from Azure Active Directory.

Azure Active Directory administrator roles

By using administrator roles, you can assign administrative permissions to users. Azure Active Directory recognizes several administrator roles, which fulfill different functions. For more detailed information about administrator roles, see the Azure Active Directory documentation from Microsoft.

Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.

To add users to administrator roles, assign the administrator roles directly to the user. Administrator roles may also be assigned to departments, cost centers, locations, business roles, or the IT Shop.

Editing master data of Azure Active Directory administrator roles

Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.

To edit the master data of an administrator role

  1. Select the Azure Active Directory | Administrator roles category.
  2. Select the administrator role in the result list and run the Change master data task.
  3. Edit the administrator role's master data.
  4. Save the changes.

Table 37: Administrator role master data

| Property | Description |
|---|---|
| Display name | The display name is used to display the administrator role in the One Identity Manager tools' user interface. |
| Tenant | The administrator role's tenant. |
| Template ID | ID of the administrator role template on which this administrator role was based. |
| IT Shop | Specifies whether the administrator role can be requested through the IT Shop. The administrator role can be ordered by employees through the Web Portal and distributed using a defined approval process. The administrator role can still be assigned directly to user accounts and hierarchical roles. |
| Only for use in IT Shop | Specifies whether the administrator role can only be requested through the IT Shop. The administrator role can be ordered by employees through the Web Portal and distributed using a defined approval process. You cannot assign an administrator role directly to a hierarchical role. |
| Service item | Specifies a service item for requesting the administrator role through the IT Shop. |
| Risk index | Value for assessing the risk of assigning administrator roles to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
| Category | Categories for inheriting administrator roles. Administrator roles can be selectively inherited by user accounts. To do this, administrator roles and user accounts are divided into categories. Use the menu to allocate one or more categories to the administrator role. |
| Description | Text field for additional explanation. |


Assigning Azure Active Directory administrator roles to Azure Active Directory user accounts

Administrator roles can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and administrator roles are assigned to hierarchical roles, such as departments, cost centers, locations, or business roles. The administrator roles assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account, the user account is added to the administrator roles. Prerequisites for the indirect assignment of employees to user accounts:

  • Assignment of employees and administrator roles is permitted for role classes (departments, cost centers, locations, or business roles).
  • User accounts are marked with the Groups can be inherited option.

Furthermore, administrator roles can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that administrator roles can be assigned through IT Shop requests. All administrator roles assigned as products to this shop can be requested by the customers. Requested administrator roles are assigned to the employees after approval is granted.
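
The assignment paths described above, modeled in Python as an added example for reviewing how a user account ends up with an administrator role (this is not One Identity Manager code or its data model). It treats membership in hierarchical roles as already resolved and assumes IT Shop assignments are not gated by the Groups can be inherited option, which this page does not state; all class names, function names and sample data are invented for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AdminRole:
    name: str
    only_it_shop: bool = False     # "Only for use in IT Shop" property

@dataclass(frozen=True)
class HierarchicalRole:            # department, cost center, location or business role
    name: str
    assignment_permitted: bool     # prerequisite: permitted for this role class
    admin_roles: tuple = ()
    employees: frozenset = frozenset()

@dataclass(frozen=True)
class UserAccount:
    employee: str
    groups_can_be_inherited: bool  # prerequisite: "Groups can be inherited" option
    direct_roles: tuple = ()

def effective_roles(account, hier_roles, shop_requests):
    """Return {administrator role name: [paths that grant it]} for one account."""
    paths = {}
    for role in account.direct_roles:
        paths.setdefault(role.name, []).append("direct")
    if account.groups_can_be_inherited:
        for h in hier_roles:
            if h.assignment_permitted and account.employee in h.employees:
                for role in h.admin_roles:
                    # Such a role cannot be assigned to a hierarchical role;
                    # ignore it if the input data contains one anyway.
                    if not role.only_it_shop:
                        paths.setdefault(role.name, []).append("indirect:" + h.name)
    # Assumption: IT Shop assignments are not gated by the inheritance option.
    for employee, role, approved in shop_requests:
        if employee == account.employee and approved:
            paths.setdefault(role.name, []).append("it-shop")
    return paths

# Constructed sample data (names and values are invented for illustration).
GLOBAL = AdminRole("Global administrator", only_it_shop=True)
HELPDESK = AdminRole("Helpdesk administrator")
IT_DEPT = HierarchicalRole("IT department", True, (GLOBAL, HELPDESK), frozenset({"alice", "bob"}))
FINANCE = HierarchicalRole("Finance cost center", False, (HELPDESK,), frozenset({"alice"}))
REQUESTS = [("alice", GLOBAL, True), ("bob", GLOBAL, False)]
ALICE = UserAccount("alice", True)
BOB = UserAccount("bob", False, (HELPDESK,))

if __name__ == "__main__":
    for acct in (ALICE, BOB):
        print(acct.employee, effective_roles(acct, [IT_DEPT, FINANCE], REQUESTS))
```

Listing the grant path next to each role makes it visible when a privileged role arrives through a hierarchical role rather than through an approved request.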
