Chat now with support
Chat with Support

Identity Manager 9.1.2 - Administration Guide for Connecting to Active Directory

Managing Active Directory environments Synchronizing an Active Directory environment
Setting up initial synchronization with an Active Directory domain Adjusting the synchronization configuration for Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Active Directory user accounts and employees
Account definitions for Active Directory user accounts and Active Directory contacts Assigning employees automatically to Active Directory user accounts Supported user account types Updating employees when Active Directory user account are modified Automatic creation of departments and locations based on user account information Specifying deferred deletion for Active Directory user accounts and Active Directory contacts
Managing memberships in Active Directory groups Login information for Active Directory user accounts Mapping of Active Directory objects in One Identity Manager
Active Directory domains Active Directory container structures Active Directory user accounts Active Directory contacts Active Directory groups Active Directory computers Active Directory security IDs Active Directory printers Active Directory sites Reports about Active Directory objects
Handling of Active Directory objects in the Web Portal Basic data for managing an Active Directory environment Configuration parameters for managing an Active Directory environment Default project template for Active Directory Processing methods of Active Directory system objects Active Directory connector settings

Default solutions for requesting Active Directory groups and group memberships

In One Identity Manager, standard products and default approval workflows are provided for requesting Active Directory groups and membership in these groups through the IT Shop. Permissions in this target system are therefore issued by defined approval processes. In the Web Portal, product owners and target system managers can edit properties of these groups and request changes.

For more information about this, see the One Identity Manager Web Designer Web Portal User Guide.

Detailed information about this topic

Adding Active Directory groups

By requesting this standard product, you can add new security groups or distribution groups in the Active Directory. The requester provides information about the name, container, and domain, if known, of the request. Based on this information, the target system manager specifies the container in which the group will be added and grants approval for the request. The group is created in One Identity Manager and published to the target system.

Prerequisite
  • Employees are assigned to the Target systems | Active Directory application role.

If the QER | ITShop | AutoPublish | ADSGroup configuration parameter is set, the group is added to the IT Shop and the assigned to the shelf Identity & Access Lifecycle | Active Directory groups. The group is assigned to the service category Security group or Distribution group respectively.

Table 58: Default objects for requesting an Active Directory group

Products

Creating an Active Directory security group

Creating an Active Directory distribution group

Service category

Active Directory groups

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group create requests

Detailed information about this topic

Changing Active Directory groups

Product owners and target system managers can request updates to the group type and group scope of Active Directory groups in the Web Portal. The target system manager must grant approval for these changes. The changes are published in the target system.

Prerequisites
  • The group can be requested in the IT Shop.

  • Employees are assigned to the Target systems | Active Directory application role.

Table 59: Default objects for changing an Active Directory group

Product

Modifying an Active Directory group

Service category

Not assigned

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group change requests

Deleting Active Directory groups

Product owners and target system managers can request deletion of an Active Directory group in the Web Portal. The product owner or target system manager must grant deletion approval. The group is deleted in One Identity Manager and the change is published in the target system.

Prerequisites
  • The group can be requested in the IT Shop.

  • Employees are assigned to the Target systems | Active Directory application role.

Table 60: Default objects for deleting an Active Directory group

Product

Deleting an Active Directory group

Service category

Not assigned

Shelf

Identity & Access Lifecycle > Group Lifecycle

Approval policies/approval workflows

Approval of Active Directory group deletion requests

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating