Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory Environments Setting Up Synchronization with an Azure Active Directory Tenant Base Data for Managing Azure Active Directory Azure Active Directory Core Directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory Administrator Roles Azure Active Directory Subscriptions and Service Plans
Azure Active Directory Subscriptions Disabled Azure Active Directory Service Plan
Reports about Azure Active Directory Objects Appendix: Configuration Parameters for Managing Azure Active Directory Appendix: Default Project Template for Azure Active Directory

Editing Azure Active Directory Administrator Role Master Data

Editing Azure Active Directory Administrator Role Master Data

Administrator roles are loaded into One Identity Manager by synchronization. You can edit individual master data of administrator roles but cannot create new administrator roles in One Identity Manager.

To edit the master data of an administrator role

  1. Select the category Azure Active Directory | Administrator roles.
  2. Select the administrator role in the result list and run the task Change master data.
  3. Edit the administrator role's master data.
  4. Save the changes.
Table 44: Administrator Role Master Data

Property

Description

Display name

The display name is used to display the administrator role in the One Identity Manager tool's user interface.

Tenant

The administrator role's tenant.

Template ID.

ID of the administrator role template on which this administrator role was based.

IT Shop

Specifies whether the administrator role can be requested through the IT Shop. The administrator role can be ordered by its employees over the Web Portal and distributed using a defined approval process. The administrator role can still be assigned directly to user accounts and hierarchical roles.

Only for use in IT Shop

Specifies whether the administration role can only be requested through the IT Shop. The administrator role can be ordered by its employees over the Web Portal and distributed using a defined approval process. You cannot assign an administrator role directly to a hierarchical role.

Service item

Specifies a service item for using to request the administrator role through the IT Shop.

Risk index

Value for assessing the rich of assigning administrator roles to user accounts. Enter a value between 0 and 1. This property is only visible if the configuration parameter "QER\CalculateRiskIndex" is set.

For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide.

Category

Categories for inheriting administrator roles. Administrator roles can be selectively inherited by user accounts. To do this, administrator roles and user accounts are divided into categories. Use the menu to allocate one or more categories to the administrator role.

Description

Spare text box for additional explanation.

Related Topics

Assigning Azure Active Directory Administrator Roles to Azure Active Directory User Accounts

Assigning Azure Active Directory Administrator Roles to Azure Active Directory User Accounts

Administrator roles can be assigned directly or indirectly to user accounts. In the case of indirect assignment, employees and administrator roles are assigned to hierarchical roles, such as, departments, cost centers, locations or business roles. The administrator roles assigned to an employee are calculated from the position in the hierarchy and the direction of inheritance.

If you add an employee to roles and that employee owns a user account, the user account is added to the administrator roles. Prerequisites for indirect assignment of employees to user accounts:

  • Assignment of employees and administrator roles is permitted for role classes (department, cost center, location or business role).
  • The user accounts are marked with the option Groups can be inherited.

Furthermore, administrator roles can be assigned to employees through IT Shop requests. Add employees to a shop as customers so that administrator roles can be assigned through IT Shop requests. All administrator roles assigned as products to this shop, can be requested by the customers. Requested administrator roles are assigned to the employees after approval is granted.

Detailed information about this topic

Assigning Azure Active Directory Administration Roles to Departments, Cost Centers and Locations

Assigning Azure Active Directory Administration Roles to Departments, Cost Centers and Locations

By assigning administrator roles to departments, cost centers or locations, you enable the group to be assigned to user accounts through these organizations.

To assign an administrator role to departments, cost centers or locations (non role-based login)

  1. Select the category Azure Active Directory | Administrator roles.
  2. Select the administrator role in the result list.
  3. Select Assign organizations.
  4. Assign organizations in Add assignments.

    • Assign departments on the Departments tab.
    • Assign locations on the Locations tab.
    • Assign cost centers on the Cost center tab.

    - OR -

    Remove the organizations from Remove assignments.

  5. Save the changes.

To assign administrator roles to departments, cost centers or locations (role-based login)

  1. Select the category Organizations | Departments.

    - OR -

    Select the category Organizations | Cost centers.

    - OR -

    Select the category Organizations | Locations.

  2. Select the department, cost center or location in the result list.
  3. Select Assign Azure Active Directory administrator roles in the task view.
  4. Assign administrator roles in Add assignments.

    - OR -

    Remove administrator roles in Remove assignments.

  5. Save the changes.
Related Topics

Assigning Azure Active Directory Administrator Roles to Business Roles

Assigning Azure Active Directory Administrator Roles to Business Roles

Installed Modules: Business Roles Module

By assigning administrator roles to business roles, the administrator role can be assigned to user accounts through these business roles.

To assign an administrator role to business roles (non role-based login)

  1. Select the category Azure Active Directory | Administrator roles.
  2. Select the administrator role in the result list.
  3. Select Assign business roles in the task view.
  4. Assign business roles in Add assignments.

    - OR -

    Remove business roles from Remove assignments.

  5. Save the changes.

To assign administrator roles to a business role (non role-based login)

  1. Select the category Business roles | <Role class>.
  2. Select the business role in the result list.
  3. Select Assign Azure Active Directory administrator roles in the task view.
  4. Assign administrator roles in Add assignments.

    - OR -

    Remove administrator roles in Remove assignments.

  5. Save the changes.
Related Topics
Related Documents