Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory Environments Setting Up Synchronization with an Azure Active Directory Tenant Base Data for Managing Azure Active Directory Azure Active Directory Core Directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory Administrator Roles Azure Active Directory Subscriptions and Service Plans
Azure Active Directory Subscriptions Disabled Azure Active Directory Service Plan
Reports about Azure Active Directory Objects Appendix: Configuration Parameters for Managing Azure Active Directory Appendix: Default Project Template for Azure Active Directory

Assigning Azure Active Directory User Accounts directly to Azure Active Directory Administrator Roles

Assigning Azure Active Directory User Accounts directly to Azure Active Directory Administrator Roles

Administrator roles can be assigned directly or indirectly to user accounts. Indirect assignment is carried out by allocating the employee and administrator roles in company structures, like departments, cost centers, locations or business roles. If the employee has a user account in Azure Active Directory, the administrator roles in the role are inherited by this user account.

To react quickly to special requests, you can assign administrator roles directly to user accounts.

To assign a user account directly to an administrator role.

  1. Select the category Azure Active Directory | Administrator roles.
  2. Select the administrator role in the result list.
  3. Select Assign user accounts in the task view.
  4. Assign user accounts in Add assignments.

    The view- OR -

    Remove user accounts from Remove assignments.

  5. Save the changes.
Related Topics

Adding Azure Active Directory Administrator Roles to System Roles

Adding Azure Active Directory Administrator Roles to System Roles

Installed Modules: System Roles Module

Use this task to add an administrator role to system roles. When you assign a system role to an employee, the administrator roles are inherited by all user accounts that these employees have.

NOTE: Administrator roles with the option Only use in IT Shop set, can only be assigned to system roles that also have this option set. For more information, see the One Identity Manager System Roles Administration Guide.

To assign an administrator role to system roles

  1. Select the category Azure Active Directory | Administrator roles.
  2. Select the administrator role in the result list.
  3. Select Assign system roles in the task view.
  4. Assign system roles in Add assignments.

    - OR -

    Remove system roles from Remove assignments.

  5. Save the changes.
Related Topics

Adding Azure Active Directory Administrator Roles in the IT Shop

Adding Azure Active Directory Administrator Roles in the IT Shop

Once an administration role has been assigned to an IT Shop shelf, it can be requested by the shop customers. To ensure it can be requested, further prerequisites need to be guaranteed.

  • The administrator role must be labeled with the option IT Shop.
  • The administrator role must be assigned to a service item.
  • The administrator role must be also labeled with the option Only use in IT Shop if the administrator role can only be assigned to employees using IT Shop requests. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign administrator roles to IT Shop shelves in the case of role-based login. Target system administrators are not authorized to add administrator roles in the IT Shop.

To add an administrator role in the IT Shop

  1. Select the category Azure Active Directory | Administrator roles (non role-based login).

    - OR -

    Select the category Entitlements | Azure Active Directory administrator roles (role-based login).

  2. Select the administrator role in the result list.
  3. Select Add to IT Shop in the task view.
  4. Assign an administration role to the IT Shop shelf in Add assignments.
  5. Save the changes.

To remove a role from individual IT Shop shelves

  1. Select the category Azure Active Directory | Administrator roles (non role-based login).

    - OR -

    Select the category Entitlements | Azure Active Directory administrator roles (role-based login).

  2. Select the administrator role in the result list.
  3. Select Add to IT Shop in the task view.
  4. Remove the administrator role from IT Shop shelves in Remove assignments.
  5. Save the changes.

To remove an administrator role from individual IT Shop shelves

  1. Select the category Azure Active Directory | Administrator roles (non role-based login).

    - OR -

    Select the category Entitlements | Azure Active Directory administrator roles (role-based login).

  2. Select the administrator role in the result list.
  3. Select Remove from all shelves (IT Shop) in the task view.
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The administrator role is removed from all shelves by the One Identity Manager Service. All requests and assignment requests with this administrator role are canceled in the process.

For more detailed information about request from company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related Topics

Additional Tasks for Managing Azure Active Directory Administrator Roles

Additional Tasks for Managing Azure Active Directory Administrator Roles

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

Related Documents