Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory Environments Setting Up Synchronization with an Azure Active Directory Tenant Base Data for Managing Azure Active Directory Azure Active Directory Core Directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory Administrator Roles Azure Active Directory Subscriptions and Service Plans
Azure Active Directory Subscriptions Disabled Azure Active Directory Service Plan
Reports about Azure Active Directory Objects Appendix: Configuration Parameters for Managing Azure Active Directory Appendix: Default Project Template for Azure Active Directory

Information about Local Active Directory Groups

Information about Local Active Directory Groups

The Federation tab shows information about the local Active Directory user account, which is linked to the Azure Active Directory user account.

Table 38: Local Active Directory Group Data
Property Description

SynchronizationClosed with local Active Directory enabled

Specifies whether synchronization with a local Active Directory is enabled.

Last synchronization

Time of the last Azure Active Directory group synchronization with the local Active Directory.

SID of local group

Security ID of the local Active Directory group.

Assigning Azure Active Directory Groups to Azure Active Directory User Accounts

Assigning Azure Active Directory Groups to Azure Active Directory User Accounts

Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and groups are assigned to hierarchical roles, such as , departments, cost centers, locations or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account, the user account is added to the groups. Prerequisites for indirect assignment of employees to user accounts:

  • Assignment of employees and groups is permitted for role classes (department, cost center, location or business role).
  • The user accounts are marked with the option Groups can be inherited.

Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.

Detailed information about this topic

Assigning Azure Active Directory Groups to Departments, Cost Centers and Locations

Assigning Azure Active Directory Groups to Departments, Cost Centers and Locations

Assign groups to departments, cost centers or locations so that the group can be assigned to user accounts through these organizations.

To assign a group to departments, cost centers or locations (non role-based login)

  1. Select the category Azure Active Directory | Groups.
  2. Select the group in the result list.
  3. Select Assign organizations.
  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.
    • Assign locations on the Locations tab.
    • Assign cost centers on the Cost center tab.

    - OR -

    Remove the organizations from Remove assignments.

  5. Save the changes.

To assign groups to a department, cost center or location (role-based login)

  1. Select the category Organizations | Departments.

    - OR -

    Select the category Organizations | Cost centers.

    - OR -

    Select the category Organizations | Locations.

  2. Select the department, cost center or location in the result list.
  3. Select Assign Azure Active Directory groups.
  4. Assign groups in Add assignments.

    - OR -

    Remove assignments to groups in Remove assignments.

  5. Save the changes.
Related Topics

Assigning Azure Active Directory Groups to Business Roles

Assigning Azure Active Directory Groups to Business Roles

Installed Modules: Business Roles Module

Assign the group to business roles so that the group is assigned to user accounts through these business roles.

To assign a group to a business role (non role-based login)

  1. Select the category Azure Active Directory | Groups.
  2. Select the group in the result list.
  3. Select Assign business roles in the task view.
  4. Assign business roles in Add assignments.

    - OR -

    Remove business roles from Remove assignments.

  5. Save the changes.

To assign groups to a business role (non role-based login)

  1. Select the category Business roles | <Role class>.
  2. Select the business role in the result list.
  3. Select Assign Azure Active Directory groups.
  4. Assign groups in Add assignments.

    - OR -

    Remove assignments to groups in Remove assignments.

  5. Save the changes.
Related Topics
Related Documents