The Federation tab shows information about the local Active Directory user account, which is linked to the Azure Active Directory user account.
Property | Description |
---|---|
Synchronization |
Specifies whether synchronization with a local Active Directory is enabled. |
Last synchronization |
Time of the last Azure Active Directory group synchronization with the local Active Directory. |
SID of local group |
Security ID of the local Active Directory group. |
Groups can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and groups are assigned to hierarchical roles, such as , departments, cost centers, locations or business roles. The groups assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.
If you add an employee to roles and that employee owns a user account, the user account is added to the groups. Prerequisites for indirect assignment of employees to user accounts:
Furthermore, groups can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that groups can be assigned through IT Shop requests. All groups are assigned to this shop can be requested by the customers. Requested groups are assigned to the employees after approval is granted.
Assign groups to departments, cost centers or locations so that the group can be assigned to user accounts through these organizations.
To assign a group to departments, cost centers or locations (non role-based login)
Assign organizations in Add assignments.
- OR -
Remove the organizations from Remove assignments.
To assign groups to a department, cost center or location (role-based login)
- OR -
Select the category Organizations | Cost centers.
- OR -
Select the category Organizations | Locations.
- OR -
Remove assignments to groups in Remove assignments.
Installed Modules: | Business Roles Module |
Assign the group to business roles so that the group is assigned to user accounts through these business roles.
To assign a group to a business role (non role-based login)
Assign business roles in Add assignments.
- OR -
Remove business roles from Remove assignments.
To assign groups to a business role (non role-based login)
- OR -
Remove assignments to groups in Remove assignments.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy