Assigning Exchange Online mail-enabled distribution groups to business roles
NOTE: This function is only available if the Business Roles Module is installed.
Assign the mail-enabled distribution group to business roles so that the mail-enabled distribution group is assigned to user accounts through these business roles.
To assign a mail-enabled distribution group to business roles (non role-based login)
- In the Manager, select the Azure Active Directory > Mail-enabled distribution groups category.
- Select the mail-enabled distribution group in the result list.
- Select the Assign business roles task.
- In the Add assignments pane, select the role class and assign business roles.
TIP: In the Remove assignments pane, you can remove assigned business roles.
To remove an assignment
- Save the changes.
To assign mail-enabled distribution groups to a business role (non role-based login or role-based login)
- In the Manager, select the Business roles > <role class> category.
- Select the business role in the result list.
- Select the Assign Exchange Online mail-enabled distribution list task.
- In the Add assignments pane, assign mail-enabled distribution groups.
TIP: In the Remove assignments pane, you can remove assigned mail-enabled distribution groups.
To remove an assignment
- Save the changes.
Adding Exchange Online mail-enabled distribution groups to system roles
NOTE: This function is only available if the System Roles Module is installed.
Use this task to add a group to system roles. When you assign a system role to an identity, the mail-enabled distribution group is inherited by all mailboxes, mail users, and mail contacts that these identities have.
NOTE: Mail-enabled distribution groups with the Only use in IT Shop option set can only be assigned to system roles that also have this option set. For more information, see the One Identity Manager System Roles Administration Guide.
To assign a mail-enabled distribution group to system roles
- In the Manager, select the Azure Active Directory > Mail-enabled distribution groups category.
- Select the mail-enabled distribution group in the result list.
- Select the Assign system roles task.
- In the Add assignments pane, assign system roles.
TIP: In the Remove assignments pane, you can remove assigned system roles.
To remove an assignment
- Save the changes.
Assigning Exchange Online mail-enabled distribution groups to the IT Shop
Once a mail-enabled distribution group has been assigned to an IT Shop shelf, it can be requested by the shop customers. To ensure it can be requested, the following prerequisites must also be met.
- The mail-enabled distribution group must be labeled with the IT Shop option.
- The mail-enabled distribution group must be assigned to a service item.
  TIP: In the Web Portal, all products that can be requested are grouped together by service category. To make the mail-enabled distribution group easier to find in the Web Portal, assign a service category to the service item.
- If you want the mail-enabled distribution group to be assigned to identities only through the IT Shop, the mail-enabled distribution group must also be marked with the Only use in IT Shop option. Direct assignment to hierarchical roles or mailboxes, mail users and mail contacts is then no longer permitted.
NOTE: IT Shop administrators can assign mail-enabled distribution groups to IT Shop shelves in the case of role-based login. Target system administrators are not authorized to add mail-enabled distribution groups in the IT Shop.
To add a mail-enabled distribution group in the IT Shop
- In the Manager, select the Azure Active Directory > Mail-enabled distribution groups (non role-based login) category.
  - OR -
  In the Manager, select the Entitlements > Exchange Online mail-enabled distribution groups (role-based login) category.
- Select the mail-enabled distribution group in the result list.
- Select Add to IT Shop.
- In the Add assignments pane, assign mail-enabled distribution groups to IT Shop shelves.
- Save the changes.
To remove a mail-enabled distribution group from individual IT Shop shelves
- In the Manager, select the Azure Active Directory > Mail-enabled distribution groups category (non role-based login).
  - OR -
  In the Manager, select the Entitlements > Exchange Online mail-enabled distribution groups category (role-based login).
- Select the mail-enabled distribution group in the result list.
- Select the Add to IT Shop task.
- In the Remove assignments pane, remove assigned mail-enabled distribution groups from IT Shop shelves.
- Save the changes.
To remove a mail-enabled distribution group from all the IT Shop shelves
- In the Manager, select the Azure Active Directory > Mail-enabled distribution groups (non role-based login) category.
  - OR -
  In the Manager, select the Entitlements > Exchange Online mail-enabled distribution groups category (role-based login).
- Select the mail-enabled distribution group in the result list.
- Select the Remove from all shelves (IT Shop) task.
- Confirm the security prompt with Yes.
- Click OK.
The One Identity Manager Service removes the mail-enabled distribution group from all the shelves. All requests and assignment requests with this mail-enabled distribution group are canceled at the same time.
For more information about requesting company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.
Adding Exchange Online mail-enabled distribution groups automatically to the IT Shop
The following steps can be used to automatically add mail-enabled distribution groups to the IT Shop. Synchronization ensures that the mail-enabled distribution groups are added to the IT Shop. If necessary, you can manually start synchronization with the Synchronization Editor. Mail-enabled distribution groups created in One Identity Manager are also added automatically to the IT Shop.
To add mail-enabled distribution groups automatically to the IT Shop
- In the Designer, set the QER | ITShop | AutoPublish | O3EDL configuration parameter.
- In order not to add mail-enabled distribution groups to the IT Shop automatically, in the Designer, set the QER | ITShop | AutoPublish | O3EDL | ExcludeList configuration parameter.
  This configuration parameter contains a listing of all mail-enabled distribution groups that should not be allocated to the IT Shop automatically. You can extend this list if required. To do this, enter the name of the groups in the configuration parameter. Names are listed in a pipe (|) delimited list. Regular expressions are supported.
- Compile the database.
From this time on, local mail-enabled distribution groups are added to the IT Shop automatically.
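Because every group not covered by the ExcludeList becomes requestable, it helps to check a candidate value against the existing group names before compiling. The following is an added example, not One Identity code: it assumes the value is evaluated as a single regular expression with | separating the entries and case-sensitive matching, and it reports names whose outcome depends on whether the product anchors the match, which the page does not state. The function name and sample data are hypothetical.

```python
import re

def classify_groups(exclude_list, group_names):
    """Sort group names by how an ExcludeList value would treat them.

    Assumptions (not stated on the page): the value is evaluated as one
    regular expression in which '|' separates the entries, and matching
    is case-sensitive. Whether a pattern must cover the whole group name
    is also not stated, so both readings are evaluated.
    """
    if not exclude_list:
        # Empty parameter: nothing is excluded, every group is published.
        return {"excluded": [], "ambiguous": [], "published": list(group_names)}
    if exclude_list.startswith("|") or exclude_list.endswith("|") or "||" in exclude_list:
        # An empty entry matches every name when the match is unanchored.
        raise ValueError("ExcludeList contains an empty entry")
    pattern = re.compile("(?:%s)" % exclude_list)
    result = {"excluded": [], "ambiguous": [], "published": []}
    for name in group_names:
        if pattern.fullmatch(name):
            result["excluded"].append(name)    # excluded under both readings
        elif pattern.search(name):
            result["ambiguous"].append(name)   # excluded only if unanchored
        else:
            result["published"].append(name)   # requestable after AutoPublish
    return result

# Constructed sample data, not taken from any real tenant.
SAMPLE_EXCLUDE_LIST = r"All Staff|SEC-.*|.*-Executives"
SAMPLE_GROUPS = [
    "All Staff",
    "All Staff EMEA",
    "SEC-Incident-Response",
    "Finance-Executives",
    "Marketing News",
    "INFOSEC-Alerts",
]

if __name__ == "__main__":
    report = classify_groups(SAMPLE_EXCLUDE_LIST, SAMPLE_GROUPS)
    for outcome, names in report.items():
        print(f"{outcome:10} {names}")
```

Names reported as ambiguous are the ones to verify in a test environment, or to cover with an explicit pattern such as a leading or trailing .* so that the result does not depend on anchoring.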
The following steps are run to add a local mail-enabled distribution group to the IT Shop automatically.
- A service item is determined for the mail-enabled distribution group.
  The service item is tested for each mail-enabled distribution group and modified if necessary. The name of the service item corresponds to the name of the mail-enabled distribution group.
- The service item is assigned to the Azure Active Directory groups | Exchange Online distribution groups default service category.
- An application role for product owners is determined and assigned to the service item.
  Product owners can approve requests for membership in these mail-enabled distribution groups. By default, the administrator of a mail-enabled distribution group is determined to be the product owner.
  NOTE: The application role for the product owner must be added under the Request & Fulfillment | IT Shop | Product owner application role.
  - If the administrator of the mail-enabled distribution group is already a member of a product owner application role, then this application role is assigned to the service item. Therefore, all members of this application role become product owners of the mail-enabled distribution group.
  - If the account manager of the mail-enabled distribution group is not yet a member of an application role for product owners, a new application role is created. The name of the application role corresponds to the name of the owner.
    - If the administrator is a user account, the user account's identity is added to the application role.
    - If it is a group of administrators, the identities of all this group's user accounts are added to the application role.
- The mail-enabled distribution group is labeled with the IT Shop option and assigned to the IT Shop distribution groups Exchange Online shelf in the Identity & Access Lifecycle shop.
Then the shop customers can use the Web Portal to request memberships in the mail-enabled distribution groups.
NOTE: When a mail-enabled distribution group is irrevocably deleted from the One Identity Manager database, the associated service item is also deleted.
For more information about configuring the IT Shop, see the One Identity Manager IT Shop Administration Guide. For more information about requesting access requests in the Web Portal, see the One Identity Manager Web Portal User Guide.