Managing Azure Active Directory Environments
Setting Up Synchronization with an Azure Active Directory Tenant
Users and Permissions for Synchronizing with Azure Active Directory
Integrating One Identity Manager into Azure Active Directory as an Application
Setting Up the Synchronization Server
Creating a Synchronization Project for initial Synchronization of an Azure Active Directory Tenant
Show Synchronization Results
Customizing Synchronization Configuration
Base Data for Managing Azure Active Directory
Configuring Synchronization with Azure Active Directory Tenants
Configuring Synchronization of Different Azure Active Directory Tenants
Updating Schemas
Post-Processing Outstanding Objects
Configuring Memberships Provisioning
Supporting Analysis of Synchronization Issues
Deactivating Synchronization
Setting Up Account Definitions
Azure Active Directory Core Directories
Creating an Account Definition
Setting Up Manage Levels
Creating a Formatting Rule for IT Operating Data
Determining IT Operating Data
Modifying IT Operating Data
Assigning Account Definitions to Employees
Password Policies
Assigning Account Definitions to Departments, Cost Centers and Locations
Assigning Account Definitions to Business Roles
Assigning Account Definitions to all Employees
Assigning Account Definitions Directly to Employees
Assigning Account Definitions to System Roles
Adding Account Definitions in the IT Shop
Assigning Account Definitions to a Target System
Deleting an Account Definition
Predefined Password Policies
Editing Password Policies
Custom Scripts for Password Requirements
Restricted Passwords
Testing a Password
Testing Generating a Password
Assigning a Password Policy
Initial Password for New Azure Active Directory User Accounts
Email Notifications about Login Data
Target System Managers
Editing a Server
Azure Active Directory Tenant
Azure Active Directory user accounts
General Master Data for a Azure Active Directory Tenant
Local Active Directory Data
Specifying Categories for Inheriting Permissions
How to Edit a Synchronization Project
Azure Active Directory Domains
Linking User Accounts to Employees
Supported User Account Types
Entering Master Data for Azure Active Directory User Accounts
Azure Active Directory groups
General Master Data for a Azure Active Directory User Account
Contact Data for a Azure Active Directory User Account
Organizational Data for an Azure Active Directory User Account
Active Directory User Account Local Data
Additional Tasks for Managing Azure Active Directory User Accounts
Overview of Azure Active Directory User Accounts
Changing the Manage Level of an Azure Active Directory User Account
Assigning Azure Active Directory Groups Directly to Azure Active Directory User Accounts
Assigning Azure Active Directory Administrator Roles directly to Azure Active Directory User Accounts
Assigning Azure Active Directory Subscriptions directly to Azure Active Directory User Accounts
Assigning Disabled Azure Active Directory Service Plans directly to Azure Active Directory User Accounts
Assigning Extended Properties to an Azure Active Directory User Account
Automatic Assignment of Employees to Azure Active Directory User Accounts
Disabling Azure Active Directory User Accounts
Deleting and Restoring Azure Active Directory User Accounts
Editing Azure Active Directory Group Master Data
Azure Active Directory Administrator Roles
General Master Data for an Azure Active Directory Group
Information about Local Active Directory Groups
Assigning Azure Active Directory Groups to Azure Active Directory User Accounts
Assigning Azure Active Directory Groups to Departments, Cost Centers and Locations
Assigning Azure Active Directory Groups to Business Roles
Assigning Azure Active Directory User Accounts directly to an Azure Active Directory Group
Adding Azure Active Directory Groups to System Roles
Adding Azure Active Directory Groups to the IT Shop
Additional Tasks for Managing Azure Active Directory Groups
Overview of Azure Active Directory Groups
Adding Azure Active Directory Groups to Azure Active Directory Groups
Effectiveness of Group Memberships
Azure Active Directory Group Inheritance Based on Categories
Assigning Owners to Azure Active Directory Groups
Assigning Extended Properties to an Azure Active Directory Group
Deleting Azure Active Directory Groups
Editing Azure Active Directory Administrator Role Master Data
Assigning Azure Active Directory Administrator Roles to Azure Active Directory User Accounts
Azure Active Directory Subscriptions and Service Plans
Assigning Azure Active Directory Administration Roles to Departments, Cost Centers and Locations
Assigning Azure Active Directory Administrator Roles to Business Roles
Assigning Azure Active Directory User Accounts directly to Azure Active Directory Administrator Roles
Adding Azure Active Directory Administrator Roles to System Roles
Adding Azure Active Directory Administrator Roles in the IT Shop
Additional Tasks for Managing Azure Active Directory Administrator Roles
Azure Active Directory Subscriptions
Reports about Azure Active Directory Objects
Appendix: Configuration Parameters for Managing Azure Active Directory
Appendix: Default Project Template for Azure Active Directory
Editing Azure Active Directory Subscription Master Data
Assigning Azure Active Directory Subscriptions to Azure Active Directory User Accounts
Disabled Azure Active Directory Service Plan
Assigning Azure Active Directory Subscriptions to Departments, Cost Centers and Locations
Assigning Azure Active Directory Subscriptions to Business Roles
Assigning Azure Active Directory User Accounts directly to an Azure Active Directory Subscription
Adding Azure Active Directory Subscriptions to System Roles
Adding Azure Active Directory Subscriptions to the IT Shop
Additional Tasks for Managing Azure Active Directory Subscriptions
Editing Master Data of Disabled Azure Active Directory Service Plans
Assigning Disabled Azure Active Directory Service Plans to Azure Active Directory User Accounts
Assigning Disabled Azure Active Directory Service Plans to Departments, Cost Centers and Locations
Assigning Disabled Azure Active Directory Service Plans to Business Roles
Assigning Azure Active Directory User Accounts directly to Azure Active Directory Service Plans
Adding Disabled Azure Active Directory Service Plans to System Roles
Adding Disabled Azure Active Directory Service Plans to the IT Shop
Additional Tasks for Managing Disabled Azure Active Directory Service Plans
Adding Disabled Azure Active Directory Service Plans to the IT Shop
Azure Active Directory Subscriptions and Service Plans > Disabled Azure Active Directory Service Plan > Assigning Disabled Azure Active Directory Service Plans to Azure Active Directory User Accounts > Adding Disabled Azure Active Directory Service Plans to the IT Shop
Adding Disabled Azure Active Directory Service Plans to the IT Shop
A disabled service plan can be requested by shop customers when it is assigned to an IT Shop shelf. To ensure it can be requested, further prerequisites need to be guaranteed.
- The disabled service plan must be labeled with the option IT Shop.
- The disabled service plan must be assigned to a service item.
- If the disabled service plan is only assigned to employees using IT Shop requests, you must also set the option Only for use in IT Shop. Direct assignment to hierarchical roles may not be possible.
|
|
NOTE: IT Shop administrators can assign disabled service plans to IT Shop shelves in the case of role-based login. Target system administrators are not authorized to add disabled service plans in the IT Shop. |
To add a disabled service plan in the IT Shop
- Select the category Azure Active Directory | Disabled service plan (non role-based login).
- OR -
Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).
- Select the service plan in the result list.
- Select Add to IT Shop in the task view.
- Assign the disabled service plan to the IT Shop in Add assignments.
- Save the changes.
To remove a disabled service plan from individual IT Shop shelves
- Select the category Azure Active Directory | Disabled service plan (non role-based login).
- OR -
Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).
- Select the service plan in the result list.
- Select Add to IT Shop in the task view.
- Remove the disabled service plan from the IT Shop shelves in Remove assignments.
- Save the changes.
To remove a disabled service plan from all IT Shop shelves
- Select the category Azure Active Directory | Disabled service plan (non role-based login).
- OR -
Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).
- Select the service plan in the result list.
- Select Remove from all shelves (IT Shop) in the task view.
- Confirm the security prompt with Yes.
- Click OK.
The disabled service plan is removed from all shelves by the One Identity Manager Service. All requests and assignment requests with this disabled service plan are canceled in the process.
For more detailed information about request from company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.
Related Topics
- Assigning Disabled Azure Active Directory Service Plans to Departments, Cost Centers and Locations
- Assigning Disabled Azure Active Directory Service Plans to Business Roles
- Assigning Azure Active Directory User Accounts directly to Azure Active Directory Service Plans
- Adding Disabled Azure Active Directory Service Plans to System Roles
Additional Tasks for Managing Disabled Azure Active Directory Service Plans
Azure Active Directory Subscriptions and Service Plans > Disabled Azure Active Directory Service Plan > Additional Tasks for Managing Disabled Azure Active Directory Service Plans
Additional Tasks for Managing Disabled Azure Active Directory Service Plans
After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.
Overview of Disabled Azure Active Directory Service Plans
Effectiveness of Assignments of Disabled Service Plans
Inheritance of Disabled Azure Active Directory Service Plans Based on Categories
Assigning Extended Properties to a disabled Azure Active Directory Service Plan
Overview of Disabled Azure Active Directory Service Plans
Azure Active Directory Subscriptions and Service Plans > Disabled Azure Active Directory Service Plan > Additional Tasks for Managing Disabled Azure Active Directory Service Plans > Overview of Disabled Azure Active Directory Service Plans
Overview of Disabled Azure Active Directory Service Plans
To obtain an overview of a disabled service plan
- Select the category Azure Active Directory | Disabled service plans.
- Select the service plan in the result list.
- Select Disabled Azure Active Directory service plan overview.
Effectiveness of Assignments of Disabled Service Plans
Azure Active Directory Subscriptions and Service Plans > Disabled Azure Active Directory Service Plan > Additional Tasks for Managing Disabled Azure Active Directory Service Plans > Effectiveness of Assignments of Disabled Service Plans
Effectiveness of Assignments of Disabled Service Plans
You can also apply the behavior described under Effectiveness of Group Memberships for disabled service plans. The effect of the assignments is mapped in the tables AADUserHasDeneiedService and AADBaseTreeHasDeniedService through the column XIsInEffect.
Prerequisites
- The configuration parameter "QER\Structures\Inherite\GroupExclusion" is set.
- Mutually exclusive groups belong to the same tenant.
To exclude subscriptions
- Select the category Azure Active Directory | Disabled service plans.
- Select the disabled service plan from the result list.
- Select Exclude disabled service plans in the task view.
- Assign disabled service plans that are mutually exclusive to the selected one, in Add assignments.
- OR -
Remove disabled service plans that are no longer mutually exclusive, in Remove assignments.
- Save the changes.