Deleting and Restoring Azure Active Directory User Accounts
Deleting and Restoring Azure Active Directory User Accounts
|
|
NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the account definition assignment is removed, the user account created through this account definition, is deleted. |
To delete a user account
- Select the category Azure Active Directory | User accounts.
- Select the user account in the result list.
- Delete the user account.
- Confirm the security prompt with Yes.
To restore user account
- Select the category Azure Active Directory | User accounts.
- Select the user account in the result list.
- Click Undo delete in the result list toolbar.
Configuring Deferred Deletion
By default, user accounts are finally deleted from the database after 30 days.The user accounts are initially disabled. You can reenable the user accounts until deferred deletion is run. After deferred deletion is run, the user account are deleted from the database and cannot be restored anymore. You can configure an alternative delay on the table AADAccount in the Designer.
Related Topics
- Disabling Azure Active Directory User Accounts
- For more detailed information about deactivating and deleting employees and user accounts, see the One Identity Manager Target System
An instance of a target system in which the employees managed by One Identity Manager have access to network resources. Example: An Active Directory domain X for target system type "Active Directory", a directory Y for target system type "LDAP", a client Z for target system type "SAP R/3". Base Module Administration Guide.
Azure Active Directory groups
Azure Active Directory Groups
Azure Active Directory recognizes several groups types, in which you can gather users and groups to, for example, regulate access to resources or email distribution.
Groups are loaded into One Identity Manager by synchronization. You can edit individual master data of the group and you can create new security groups in One Identity Manager. You cannot create more groups types in One Identity Manager.
To add users to groups, you assign the groups directly to users. This can be assignments of groups to departments, cost centers, location, business roles or to the IT Shop.
The group types supported in One Identity Manager are listed below.
|
Group type |
Description |
|---|---|
|
Security group |
Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. Security groups are loaded into One Identity Manager by synchronization. You can edit security groups in One Identity Manager and also create new ones. |
|
Office 365 group |
Office 365 groups are loaded into One Identity Manager by synchronization. You can edit Office 365 groups in One Identity Manager but you cannot create new them in One Identity Manager. |
|
Distribution group |
Distribution groups are used to send emails to group members. Distribution groups are loaded into One Identity Manager by synchronization. You can edit distribution groups in One Identity Manager but you cannot create them in One Identity Manager. |
|
Mail-enabled security groups |
Mail-enabled security groups are security groups that are used as distribution groups. Mail-enabled security groups are loaded into One Identity Manager by synchronization. You edit mail-enabled security in One Identity Manager but you cannot create new mail-enabled security groups in One Identity Manager. |
Editing Azure Active Directory Group Master Data
Editing Azure Active Directory Group Master Data
Groups are loaded into One Identity Manager by synchronization. You can create new security groups in One Identity Manager. You can merely edit the other groups types and which of the data you can edit, depends on the group type.
To edit group master data
- Select the category Azure Active Directory | Groups.
- Select the group in the result list and run Change master data in the task view.
- OR -
Click
in the result list toolbar.
- Edit a group's master data.
- Save the changes.
Detailed information about this topic
- General Master Data for an Azure Active Directory Group
- Information about Local Active Directory Groups
General Master Data for an Azure Active Directory Group
General Master Data for an Azure Active Directory Group
Enter the following data on the General tab:
| Property | Description |
|---|---|
|
Display name |
The display name is used to display the group in the One Identity Manager tools user interface. |
| Tenant |
The group's tenant. |
|
Alias |
Email alias for the group. |
|
Email address |
Group's email address |
| Proxy addresses |
Other email addresses for the group. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400). Use the following syntax to set up other proxy addresses: Address type: new email address |
| Group type | Specifies a group's type The value is "unified" for Office 365 group and is empty for security and distribution groups. |
|
Security group |
Specifies whether the this group is a security group. Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. |
| Mail-enabled |
Specifies whether the email is enabled for the group. If this option is set for a security group, it is a mail-enabled security group. Otherwise, it is a distribution group. |
|
IT Shop |
Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. |
|
Only for use in IT Shop |
Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
|
Service item |
Service item data for requesting the group through the IT Shop. |
|
Risk index |
Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
|
Category |
Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. |
|
Description |
Spare text box for additional explanation. |
Related Topics
- Azure Active Directory Group Inheritance Based on Categories
- For more detailed information about preparing groups for requesting through the IT Shop, see the One Identity Manager IT Shop Administration Guide.