NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the account definition assignment is removed, the user account created through this account definition is deleted.
To delete a user account
To restore a user account
By default, user accounts are finally deleted from the database after 30 days. The user accounts are initially disabled. You can re-enable the user accounts until deferred deletion is run. After deferred deletion is run, the user accounts are deleted from the database and can no longer be restored. You can configure an alternative delay on the table AADAccount in the Designer.
Azure Active Directory recognizes several group types, in which you can gather users and groups to, for example, regulate access to resources or email distribution.
Groups are loaded into One Identity Manager by synchronization. You can edit individual master data of the group and you can create new security groups in One Identity Manager. You cannot create other group types in One Identity Manager.
To add users to groups, you assign the groups directly to users. This can be assignments of groups to departments, cost centers, locations, business roles or to the IT Shop.
The group types supported in One Identity Manager are listed below.
Group type | Description |
---|---|
Security group | Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. Security groups are loaded into One Identity Manager by synchronization. You can edit security groups in One Identity Manager and also create new ones. |
Office 365 group | Office 365 groups are loaded into One Identity Manager by synchronization. You can edit Office 365 groups in One Identity Manager but you cannot create new ones in One Identity Manager. |
Distribution group | Distribution groups are used to send emails to group members. Distribution groups are loaded into One Identity Manager by synchronization. You can edit distribution groups in One Identity Manager but you cannot create them in One Identity Manager. |
Mail-enabled security groups | Mail-enabled security groups are security groups that are used as distribution groups. Mail-enabled security groups are loaded into One Identity Manager by synchronization. You can edit mail-enabled security groups in One Identity Manager but you cannot create new mail-enabled security groups in One Identity Manager. |
Groups are loaded into One Identity Manager by synchronization. You can create new security groups in One Identity Manager. You can only edit the other group types, and which data you can edit depends on the group type.
To edit group master data
- OR -
Click in the result list toolbar.
Enter the following data on the General tab:
Property | Description |
---|---|
Display name | The display name is used to display the group in the One Identity Manager tools user interface. |
Tenant | The group's tenant. |
Alias | Email alias for the group. |
Email address | Group's email address. |
Proxy addresses | Other email addresses for the group. You can also add other mail connectors (for example, CCMail, MS) in addition to the standard address type (SMTP, X400). Use the following syntax to set up other proxy addresses: Address type: new email address |
Group type | Specifies the group's type. The value is "unified" for Office 365 groups and is empty for security and distribution groups. |
Security group | Specifies whether this group is a security group. Resource permissions are distributed through security groups. User accounts and other groups are added to security groups, which makes administration easier. |
Mail-enabled | Specifies whether email is enabled for the group. If this option is set for a security group, it is a mail-enabled security group. Otherwise, it is a distribution group. |
IT Shop | Specifies whether the group can be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group can still be assigned directly to hierarchical roles. |
Only for use in IT Shop | Specifies whether the group can only be requested through the IT Shop. This group can be requested by staff through the Web Portal and granted through a defined approval process. The group may not be assigned directly to hierarchical roles. |
Service item | Service item data for requesting the group through the IT Shop. |
Risk index | Value for evaluating the risk of assigning the group to user accounts. Enter a value between 0 and 1. This property is only visible when the configuration parameter QER\CalculateRiskIndex is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
Category | Categories for group inheritance. Groups can be selectively inherited by user accounts. To do this, groups and user accounts are divided into categories. Use this menu to allocate one or more categories to the group. |
Description | Spare text box for additional explanation. |
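
The Group type, Security group and Mail-enabled properties together determine which of the four group types a record is, and therefore whether it carries resource permissions. The following audit sketch is an added example, not One Identity code: it assumes a flat export of the General tab properties with hypothetical field names (`group_type`, `security_group`, `mail_enabled`, `risk_index`, `proxy_addresses`) and checks each record against the rules stated in the tables above.

```python
import re

# Field names are assumptions for this example; they are not
# One Identity Manager column names.
CREATABLE = {"Security group"}  # only this type can be created in One Identity Manager

def classify(group):
    """Derive the group type from Group type, Security group and Mail-enabled."""
    if (group.get("group_type") or "").lower() == "unified":
        return "Office 365 group"
    if group.get("security_group"):
        return "Mail-enabled security group" if group.get("mail_enabled") else "Security group"
    if group.get("mail_enabled"):
        return "Distribution group"
    return "Unknown"  # combination the tables above do not describe

def parse_proxy(entry):
    """Split 'Address type: address' into (type, address); None if malformed."""
    m = re.fullmatch(r"\s*([A-Za-z0-9]+)\s*:\s*(\S+)\s*", entry)
    return (m.group(1), m.group(2)) if m else None

def audit(group):
    """Return a list of findings for one exported group record."""
    findings = []
    if classify(group) == "Unknown":
        findings.append("flags match no documented group type")
    risk = group.get("risk_index")
    if risk is not None and not 0 <= risk <= 1:
        findings.append(f"risk index {risk} outside 0..1")
    for entry in group.get("proxy_addresses", []):
        if parse_proxy(entry) is None:
            findings.append(f"malformed proxy address: {entry!r}")
    return findings

def report(groups):
    """Map group name -> (type, creatable in One Identity Manager, findings)."""
    return {g["name"]: (classify(g), classify(g) in CREATABLE, audit(g)) for g in groups}

SAMPLE = [  # constructed records, not real tenant data
    {"name": "Finance-RW", "group_type": "", "security_group": True,
     "mail_enabled": False, "risk_index": 0.7},
    {"name": "All-Staff", "group_type": "", "security_group": False, "mail_enabled": True,
     "proxy_addresses": ["SMTP: all-staff@example.com", "all-staff@example.com"]},
    {"name": "Project-X", "group_type": "unified", "security_group": False,
     "mail_enabled": True, "risk_index": 1.4},
]

if __name__ == "__main__":
    for name, result in report(SAMPLE).items():
        print(name, result)
```

Records classified as security groups or mail-enabled security groups are the ones to review first, since those are the types through which resource permissions are distributed.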