Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory Environments Setting Up Synchronization with an Azure Active Directory Tenant Base Data for Managing Azure Active Directory Azure Active Directory Core Directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory Administrator Roles Azure Active Directory Subscriptions and Service Plans
Azure Active Directory Subscriptions Disabled Azure Active Directory Service Plan
Reports about Azure Active Directory Objects Appendix: Configuration Parameters for Managing Azure Active Directory Appendix: Default Project Template for Azure Active Directory

Adding Disabled Azure Active Directory Service Plans to the IT Shop

Adding Disabled Azure Active Directory Service Plans to the IT Shop

A disabled service plan can be requested by shop customers when it is assigned to an IT Shop shelf. To ensure it can be requested, further prerequisites need to be guaranteed.

  • The disabled service plan must be labeled with the option IT Shop.
  • The disabled service plan must be assigned to a service item.
  • If the disabled service plan is only assigned to employees using IT Shop requests, you must also set the option Only for use in IT Shop. Direct assignment to hierarchical roles may not be possible.

NOTE: IT Shop administrators can assign disabled service plans to IT Shop shelves in the case of role-based login. Target system administrators are not authorized to add disabled service plans in the IT Shop.

To add a disabled service plan in the IT Shop

  1. Select the category Azure Active Directory | Disabled service plan (non role-based login).

    - OR -

    Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).

  2. Select the service plan in the result list.
  3. Select Add to IT Shop in the task view.
  4. Assign the disabled service plan to the IT Shop in Add assignments.
  5. Save the changes.

To remove a disabled service plan from individual IT Shop shelves

  1. Select the category Azure Active Directory | Disabled service plan (non role-based login).

    - OR -

    Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).

  2. Select the service plan in the result list.
  3. Select Add to IT Shop in the task view.
  4. Remove the disabled service plan from the IT Shop shelves in Remove assignments.
  5. Save the changes.

To remove a disabled service plan from all IT Shop shelves

  1. Select the category Azure Active Directory | Disabled service plan (non role-based login).

    - OR -

    Select the category Entitlements | Disabled Azure Active Directory service plans (role-based subscription).

  2. Select the service plan in the result list.
  3. Select Remove from all shelves (IT Shop) in the task view.
  4. Confirm the security prompt with Yes.
  5. Click OK.

    The disabled service plan is removed from all shelves by the One Identity Manager Service. All requests and assignment requests with this disabled service plan are canceled in the process.

For more detailed information about request from company resources through the IT Shop, see the One Identity Manager IT Shop Administration Guide.

Related Topics

Additional Tasks for Managing Disabled Azure Active Directory Service Plans

Additional Tasks for Managing Disabled Azure Active Directory Service Plans

After you have entered the master data, you can apply different tasks to it. The task view contains different forms with which you can run the following tasks.

Overview of Disabled Azure Active Directory Service Plans

Overview of Disabled Azure Active Directory Service Plans

To obtain an overview of a disabled service plan

  1. Select the category Azure Active Directory | Disabled service plans.
  2. Select the service plan in the result list.
  3. Select Disabled Azure Active Directory service plan overview.

Effectiveness of Assignments of Disabled Service  Plans

Effectiveness of Assignments of Disabled Service  Plans

You can also apply the behavior described under Effectiveness of Group Memberships for disabled service plans. The effect of the assignments is mapped in the tables AADUserHasDeneiedService and AADBaseTreeHasDeniedService through the column XIsInEffect.

Prerequisites
  • The configuration parameter "QER\Structures\Inherite\GroupExclusion" is set.
  • Mutually exclusive groups belong to the same tenant.

To exclude subscriptions

  1. Select the category Azure Active Directory | Disabled service plans.
  2. Select the disabled service plan from the result list.
  3. Select Exclude disabled service plans in the task view.
  4. Assign disabled service plans that are mutually exclusive to the selected one, in Add assignments.

    - OR -

    Remove disabled service plans that are no longer mutually exclusive, in Remove assignments.

  5. Save the changes.
Related Documents