Entering Master Data for Azure Active Directory User Accounts
Entering Master Data for Azure Active Directory User Accounts
A user account can be linked to an employee in the One Identity Manager. You can also manage user accounts separately from employees.
|
|
NOTE: It is recommended to use account definitions to set up user accounts for company employees. In this case, some of the master data described in the following is mapped through templates from employee master data. |
|
|
NOTE: If employees obtain their user accounts through account definitions, they have to have a central user account |
|
|
TIP: You can combine the account definition for creating the user account and the subscription that will be used into one system role. in this way, the employee automatically obtains a user account and a subscription. An employee can obtain this system role directly, through departments, cost centers, location or business roles or by IT Shop request. |
To edit master data for a user account
- Select the category Azure Active Directory | User accounts.
- Select the user account in the result list and run the task Change master data.
- OR-
Click
in the result list toolbar.
- Edit the user account's resource data.
- Save the changes.
To manually assign or create a user account for an employee
- Select the Employees | Employees.
- Select the employee in the result list and run Assign Azure Active Directory user accounts from the task view.
- Assign a user account.
- Save the changes.
Detailed information about this topic
- General Master Data for a Azure Active Directory User Account
- Contact Data for a Azure Active Directory User Account
- Organizational Data for an Azure Active Directory User Account
- Active Directory User Account Local Data
Related Topics
- Setting Up Account Definitions
- Supported User Account Types
- Azure Active Directory Subscriptions and Service Plans
General Master Data for a Azure Active Directory User Account
General Master Data for a Azure Active Directory User Account
Enter the following data on the General tab:
| Property | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Employee |
Employee that uses this user account. An employee is already entered if the user account was generated by an account definition. If you create the user account manually, you can select an employee in the menu. If you use automatic employee assignment, an associated employee is created and entered into the user account when the user account is saved. | ||||||||||||||
|
Account definition |
Account definition through which the user account was created. Use the account definition to automatically fill user account master data and to specify a manage level for the user account. The One Identity Manager finds the IT operating data of the assigned employee and enters it in the corresponding fields in the user account.
To create the user account manually through an account definition, enter an employee in the Employee box. You can select all the account definitions assigned to this employee and through which no user account has been created for this employee. | ||||||||||||||
|
Manage level |
User account's manage level. Select a manage level from the menu. You can only specify the manage level can if you have also entered an account definition. All manage levels of the selected account definition are available in the menu. | ||||||||||||||
|
Tenant |
User account's tenant. | ||||||||||||||
|
Domain |
User account's user account. | ||||||||||||||
|
Location |
Location where this user account is in use. | ||||||||||||||
|
First name |
The user’s first name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. | ||||||||||||||
|
Last name |
The user’s last name. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. | ||||||||||||||
|
User login name |
User account login name. The user's login name is made up of the alias and the domain. User login names that are formatted like this correspond to the User Principal Name (UPN) in Azure Active Directory. | ||||||||||||||
|
Alias |
Email alias for the user account. | ||||||||||||||
|
Preferred language |
User's preferred language, for example "en-US". | ||||||||||||||
|
Password |
Password for the user account. Depending on the configuration parameter "Person\UseCentralPassword" the employee’s central password can be mapped to the user account‘s password. If you use an initial password for the user accounts, it is automatically entered when a user account is created.
| ||||||||||||||
|
Password confirmation |
Reconfirm password. | ||||||||||||||
|
Change password the next time you log in |
Specifies whether the user must change their password the next time they log in. | ||||||||||||||
|
Password policies |
Policies, which only apply to the user account. The available options are: No restrictions, Password never expires and Allow weak passwords. | ||||||||||||||
|
Risk index (calculated) |
Maximum risk index values for all assigned . This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set. For more detailed information, see the .One Identity Manager Risk Assessment Administration Guide | ||||||||||||||
|
Category |
Categories for the inheritance of groups by the user account. Select one or more categories from the menu. Groups can be selectively inherited by user accounts. To do this, groups and user accounts or contacts are divided into categories. | ||||||||||||||
|
Identity |
User account's identity type
| ||||||||||||||
|
Privileged user account |
Specifies whether this is a privileged user account. | ||||||||||||||
|
Groups can be inherited |
Specifies whether the user account groups can inherit through the employee. If this option is set, the user account inherits groups through hierarchical roles or IT Shop requests.
| ||||||||||||||
|
User account is disabled |
Specifies whether the user account is disable. If a user account is not required for a period of time, you can temporarily disable the user account by using the option <User account is deactivated>. |
Related Topics
- Setting Up Account Definitions
- Password Policies
- Azure Active Directory Group Inheritance Based on Categories
- Linking User Accounts to Employees
- Supported User Account Types
- Disabling Azure Active Directory User Accounts
Contact Data for a Azure Active Directory User Account
Contact Data for a Azure Active Directory User Account
Enter the following address data for contacting the employee on the Contact tab.
| Property | Description |
|---|---|
|
Street |
Street or road. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
State |
State. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Town |
City. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Locations can be automatically generated and employees assigned based on the town. |
|
Zip code |
Zip code. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Country |
The country ID. |
|
Business phones |
Business telephone numbers. |
|
Mobile phone |
Mobile number. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Email address |
User account's email address. |
|
Proxy addresses |
Other email addresses for the user. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400). Use the following syntax to set up other proxy addresses: Address type: new email address |
Organizational Data for an Azure Active Directory User Account
Organizational Data for an Azure Active Directory User Account
Enter the following organizational master data on the Organizational tab.
| Property | Description |
|---|---|
|
Office |
Office. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Company |
Employee's company. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Department |
Employee's department If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. Departments can be automatically generated and employees assigned based on the department data. |
|
Job description |
Job description. If you have assigned an account definition, the input field is automatically filled out with respect to the manage level. |
|
Account manager |
Manager responsible for the user account. To specify an account manager
|
next to the text box.