Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Deleting and Restoring Azure Active Directory User Accounts

NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the account definition assignment is removed, the user account created through this account definition is deleted.

To delete a user account

  1. Select the category Azure Active Directory | User accounts.
  2. Select the user account in the result list.
  3. Delete the user account.
  4. Confirm the security prompt with Yes.

To restore a user account

  1. Select the category Azure Active Directory | User accounts.
  2. Select the user account in the result list.
  3. Click Undo delete in the result list toolbar.

Configuring Deferred Deletion

By default, user accounts are finally deleted from the database after 30 days. The user accounts are initially disabled. You can reenable the user accounts until deferred deletion is run. After deferred deletion is run, the user accounts are deleted from the database and cannot be restored anymore. You can configure an alternative delay on the table AADAccount in the Designer.

Related Topics
  • Disabling Azure Active Directory User Accounts
  • For more detailed information about deactivating and deleting employees and user accounts, see the One Identity Manager Target System Base Module Administration Guide.

Azure Active Directory Groups

Azure Active Directory recognizes several group types in which you can gather users and groups to, for example, regulate access to resources or email distribution.

Groups are loaded into One Identity Manager by synchronization. You can edit individual master data of the group and you can create new security groups in One Identity Manager. You cannot create other group types in One Identity Manager.

To add users to groups, you assign the groups directly to users. This can be assignments of groups to departments, cost centers, locations, business roles or to the IT Shop.

The group types supported in One Identity Manager are listed below.

Table 36: Supported Group Types

| Group type | Description |
|---|---|
| Security group | Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. Security groups are loaded into One Identity Manager by synchronization. You can edit security groups in One Identity Manager and also create new ones. |
| Office 365 group | Office 365 groups are loaded into One Identity Manager by synchronization. You can edit Office 365 groups in One Identity Manager but you cannot create new ones in One Identity Manager. |
| Distribution group | Distribution groups are used to send emails to group members. Distribution groups are loaded into One Identity Manager by synchronization. You can edit distribution groups in One Identity Manager but you cannot create them in One Identity Manager. |
| Mail-enabled security groups | Mail-enabled security groups are security groups that are used as distribution groups. Mail-enabled security groups are loaded into One Identity Manager by synchronization. You can edit mail-enabled security groups in One Identity Manager but you cannot create new mail-enabled security groups in One Identity Manager. |

Editing Azure Active Directory Group Master Data

Groups are loaded into One Identity Manager by synchronization. You can create new security groups in One Identity Manager. You can only edit the other group types; which data you can edit depends on the group type.

To edit group master data

  1. Select the category Azure Active Directory | Groups.
  2. Select the group in the result list and run Change master data in the task view.

    - OR -

    Click in the result list toolbar.

  3. Edit a group's master data.
  4. Save the changes.

Detailed information about this topic
  • General Master Data for an Azure Active Directory Group

General Master Data for an Azure Active Directory Group

Enter the following data on the General tab:

Table 37: General Master Data

| Property | Description |
|---|---|
| Display name | The display name is used to display the group in the One Identity Manager tools user interface. |
| Tenant | The group's tenant. |
| Alias | Email alias for the group. |
| Email address | Group's email address. |
| Proxy addresses | Other email addresses for the group. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400). Use the following syntax to set up other proxy addresses: Address type: new email address |
| Group type | Specifies a group's type. The value is "unified" for Office 365 groups and is empty for security and distribution groups. |
| Security group | Specifies whether this group is a security group. Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. |
| Mail-enabled | Specifies whether email is enabled for the group. If this option is set for a security group, it is a mail-enabled security group. Otherwise, it is a distribution group. |
| IT Shop | Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. |
| Only for use in IT Shop | Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
| Service item | Service item data for requesting the group through the IT Shop. |
| Risk index | Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
| Category | Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. |
| Description | Spare text box for additional explanation. |
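
The Group type, Security group and Mail-enabled properties together determine which of the four group types a group is. The following added example (not part of the product or this guide) applies that rule to exported group records when reviewing which groups distribute resource permissions. The field names groupTypes, securityEnabled and mailEnabled are assumed to follow the Microsoft Graph group resource, and the sample records are constructed.

```python
# Added example: classify exported Azure AD groups using the rules in
# Tables 36 and 37. Field names are assumed to match Microsoft Graph.

# Per the guide, only security groups can be created in One Identity Manager.
CREATABLE_IN_OIM = {"Security group"}
# Per the guide, resource permissions are distributed through security groups.
PERMISSION_TYPES = {"Security group", "Mail-enabled security group"}


def classify_group(group):
    """Return the group type for one exported group record."""
    types = {t.lower() for t in (group.get("groupTypes") or [])}
    security = bool(group.get("securityEnabled"))
    mail = bool(group.get("mailEnabled"))
    if "unified" in types:
        return "Office 365 group"
    if security and mail:
        return "Mail-enabled security group"
    if security:
        return "Security group"
    if mail:
        return "Distribution group"
    # Neither flag set and not "unified": the guide defines no type for this.
    return "Unclassified"


def review(groups):
    """Build one review row per group: type, creatable, permission-bearing."""
    rows = []
    for g in groups:
        kind = classify_group(g)
        rows.append({
            "name": g.get("displayName", ""),
            "type": kind,
            "creatable_in_oim": kind in CREATABLE_IN_OIM,
            "distributes_permissions": kind in PERMISSION_TYPES,
        })
    return rows


# Constructed sample records, not taken from a real tenant.
SAMPLE_GROUPS = [
    {"displayName": "Finance-RW", "groupTypes": [], "securityEnabled": True, "mailEnabled": False},
    {"displayName": "Project X", "groupTypes": ["Unified"], "securityEnabled": False, "mailEnabled": True},
    {"displayName": "All Staff", "groupTypes": [], "securityEnabled": False, "mailEnabled": True},
    {"displayName": "HR-Admins", "groupTypes": [], "securityEnabled": True, "mailEnabled": True},
    {"displayName": "Orphan", "groupTypes": None, "securityEnabled": False, "mailEnabled": False},
]

if __name__ == "__main__":
    for row in review(SAMPLE_GROUPS):
        print(row)
```

Rows reported as Unclassified carry a flag combination the guide does not describe and are worth checking against the tenant directly.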
