Managing Azure Active Directory Environments
Setting Up Synchronization with an Azure Active Directory Tenant
Users and Permissions for Synchronizing with Azure Active Directory
Integrating One Identity Manager into Azure Active Directory as an Application
Setting Up the Synchronization Server
Creating a Synchronization Project for initial Synchronization of an Azure Active Directory Tenant
Show Synchronization Results
Customizing Synchronization Configuration
Base Data for Managing Azure Active Directory
Configuring Synchronization with Azure Active Directory Tenants
Configuring Synchronization of Different Azure Active Directory Tenants
Updating Schemas
Post-Processing Outstanding Objects
Configuring Memberships Provisioning
Supporting Analysis of Synchronization Issues
Deactivating Synchronization
Setting Up Account Definitions
Azure Active Directory Core Directories
Creating an Account Definition
Setting Up Manage Levels
Creating a Formatting Rule for IT Operating Data
Determining IT Operating Data
Modifying IT Operating Data
Assigning Account Definitions to Employees
Password Policies
Assigning Account Definitions to Departments, Cost Centers and Locations
Assigning Account Definitions to Business Roles
Assigning Account Definitions to all Employees
Assigning Account Definitions Directly to Employees
Assigning Account Definitions to System Roles
Adding Account Definitions in the IT Shop
Assigning Account Definitions to a Target System
Deleting an Account Definition
Predefined Password Policies
Editing Password Policies
Custom Scripts for Password Requirements
Restricted Passwords
Testing a Password
Testing Generating a Password
Assigning a Password Policy
Initial Password for New Azure Active Directory User Accounts
Email Notifications about Login Data
Target System Managers
Editing a Server
Azure Active Directory Tenant
Azure Active Directory user accounts
General Master Data for a Azure Active Directory Tenant
Local Active Directory Data
Specifying Categories for Inheriting Permissions
How to Edit a Synchronization Project
Azure Active Directory Domains
Linking User Accounts to Employees
Supported User Account Types
Entering Master Data for Azure Active Directory User Accounts
Azure Active Directory groups
General Master Data for a Azure Active Directory User Account
Contact Data for a Azure Active Directory User Account
Organizational Data for an Azure Active Directory User Account
Active Directory User Account Local Data
Additional Tasks for Managing Azure Active Directory User Accounts
Overview of Azure Active Directory User Accounts
Changing the Manage Level of an Azure Active Directory User Account
Assigning Azure Active Directory Groups Directly to Azure Active Directory User Accounts
Assigning Azure Active Directory Administrator Roles directly to Azure Active Directory User Accounts
Assigning Azure Active Directory Subscriptions directly to Azure Active Directory User Accounts
Assigning Disabled Azure Active Directory Service Plans directly to Azure Active Directory User Accounts
Assigning Extended Properties to an Azure Active Directory User Account
Automatic Assignment of Employees to Azure Active Directory User Accounts
Disabling Azure Active Directory User Accounts
Deleting and Restoring Azure Active Directory User Accounts
Editing Azure Active Directory Group Master Data
Azure Active Directory Administrator Roles
General Master Data for an Azure Active Directory Group
Information about Local Active Directory Groups
Assigning Azure Active Directory Groups to Azure Active Directory User Accounts
Assigning Azure Active Directory Groups to Departments, Cost Centers and Locations
Assigning Azure Active Directory Groups to Business Roles
Assigning Azure Active Directory User Accounts directly to an Azure Active Directory Group
Adding Azure Active Directory Groups to System Roles
Adding Azure Active Directory Groups to the IT Shop
Additional Tasks for Managing Azure Active Directory Groups
Overview of Azure Active Directory Groups
Adding Azure Active Directory Groups to Azure Active Directory Groups
Effectiveness of Group Memberships
Azure Active Directory Group Inheritance Based on Categories
Assigning Owners to Azure Active Directory Groups
Assigning Extended Properties to an Azure Active Directory Group
Deleting Azure Active Directory Groups
Editing Azure Active Directory Administrator Role Master Data
Assigning Azure Active Directory Administrator Roles to Azure Active Directory User Accounts
Azure Active Directory Subscriptions and Service Plans
Assigning Azure Active Directory Administration Roles to Departments, Cost Centers and Locations
Assigning Azure Active Directory Administrator Roles to Business Roles
Assigning Azure Active Directory User Accounts directly to Azure Active Directory Administrator Roles
Adding Azure Active Directory Administrator Roles to System Roles
Adding Azure Active Directory Administrator Roles in the IT Shop
Additional Tasks for Managing Azure Active Directory Administrator Roles
Azure Active Directory Subscriptions
Reports about Azure Active Directory Objects
Appendix: Configuration Parameters for Managing Azure Active Directory
Appendix: Default Project Template for Azure Active Directory
Editing Azure Active Directory Subscription Master Data
Assigning Azure Active Directory Subscriptions to Azure Active Directory User Accounts
Disabled Azure Active Directory Service Plan
Assigning Azure Active Directory Subscriptions to Departments, Cost Centers and Locations
Assigning Azure Active Directory Subscriptions to Business Roles
Assigning Azure Active Directory User Accounts directly to an Azure Active Directory Subscription
Adding Azure Active Directory Subscriptions to System Roles
Adding Azure Active Directory Subscriptions to the IT Shop
Additional Tasks for Managing Azure Active Directory Subscriptions
Editing Master Data of Disabled Azure Active Directory Service Plans
Assigning Disabled Azure Active Directory Service Plans to Azure Active Directory User Accounts
Assigning Disabled Azure Active Directory Service Plans to Departments, Cost Centers and Locations
Assigning Disabled Azure Active Directory Service Plans to Business Roles
Assigning Azure Active Directory User Accounts directly to Azure Active Directory Service Plans
Adding Disabled Azure Active Directory Service Plans to System Roles
Adding Disabled Azure Active Directory Service Plans to the IT Shop
Additional Tasks for Managing Disabled Azure Active Directory Service Plans
Assigning Owners to Azure Active Directory Groups
Azure Active Directory groups > Additional Tasks for Managing Azure Active Directory Groups > Assigning Owners to Azure Active Directory Groups
Assigning Owners to Azure Active Directory Groups
A group owner can edit group properties.
To assign owners to a group
- Select the category Azure Active Directory | Groups.
- Select the group in the result list.
- Select Assign owner in the task view.
- Select the table containing the owner from the menu at the top of the form. You have the following options:
- Azure Active Directory user accounts
-
Assign owners in Add assignments.
- OR -
Remove owners in Remove assignments.
- Save the changes.
Assigning Extended Properties to an Azure Active Directory Group
Azure Active Directory groups > Additional Tasks for Managing Azure Active Directory Groups > Assigning Extended Properties to an Azure Active Directory Group
Assigning Extended Properties to an Azure Active Directory Group
Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.
To specify extended properties for a group
- Select the category Azure Active Directory | Groups.
- Select the group in the result list.
- Select Assign extended properties in the task view.
-
Assign extended properties in Add assignments.
The view- OR -
Remove extended properties from Remove assignments.
- Save the changes.
For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
Deleting Azure Active Directory Groups
Deleting Azure Active Directory Groups
To delete a group
- Select the category Azure Active Directory | Groups.
- Select the group in the result list.
- Delete the group using
.
- Confirm the security prompt with Yes.
The group is deleted completely from the One Identity Manager database and from Azure Active Directory.
Azure Active Directory Administrator Roles
Azure Active Directory Administrator Roles
Azure Active Directory Administrator Roles
By using administrator roles, you can assign administrative permissions to users. Azure Active Directory recognizes several administrator roles, which fulfill different functions. For more detailed information about administrator roles, see the Azure Active Directory documentation from Microsoft.
Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.
To add users to administrator roles, assign the administrator roles directly to the user. This may be administrator role assignments to departments, cost centers, location, business roles or to the IT Shop.