Chat now with support
Chat with Support

Identity Manager 8.0 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory Environments Setting Up Synchronization with an Azure Active Directory Tenant Base Data for Managing Azure Active Directory Azure Active Directory Core Directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory Administrator Roles Azure Active Directory Subscriptions and Service Plans
Azure Active Directory Subscriptions Disabled Azure Active Directory Service Plan
Reports about Azure Active Directory Objects Appendix: Configuration Parameters for Managing Azure Active Directory Appendix: Default Project Template for Azure Active Directory

Inheritance of Disabled Azure Active Directory Service Plans Based on Categories

Inheritance of Disabled Azure Active Directory Service Plans Based on Categories

You can also apply the behavior described under Azure Active Directory Group Inheritance Based on Categories for disabled service plans.

To use inheritance through categories

  • Define the categories in the tenant.
  • Assign categories to user accounts through their master data.
  • Assign categories to disabled service plans through their master data.
Related Topics

Assigning Extended Properties to a disabled Azure Active Directory Service Plan

Assigning Extended Properties to a disabled Azure Active Directory Service Plan

Extended properties are meta objects that cannot be mapped directly in the One Identity Manager, for example, operating codes, cost codes or cost accounting areas.

To specify extended properties for a disabled service plan

  1. Select the category Azure Active Directory | Disabled service plans.
  2. Select the service plan in the result list.
  3. Select Assign extended properties in the task view.
  4. Assign extended properties in Add assignments.

    The view- OR -

    Remove extended properties from Remove assignments.

  5. Save the changes.

For more detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Reports about Azure Active Directory Objects

Reports about Azure Active Directory Objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Azure Active Directory.

NOTE: Other sections may be available depending on the which modules are installed.
Table 47: Reports for the Target SystemClosed

Report

Description

Overview of all Assignments

This report finds all roles containing employees with at least one user account in the selected tenant.

Show orphaned user accounts

This report shows all user accounts in the tenant, which are not assigned to an employee. The report contains group memberships and risk assessment.

Show employees with multiple user accounts

This report shows all employees with more than one user account in the tenant. The report is a risk assessment.

Show unused user accounts

This report shows all the tenant's user accounts that have not been used in the last few months. The report contains group memberships and risk assessment.

Show entitlement drifts

This report shows all the groups in the tenant, which are the result of manual operations in the target system rather than provisioned through One Identity Manager.

Show user accounts with an above average number of system entitlements

This report contains all user accounts in the tenant with an above average number of group memberships.

Azure Active Directory user account and group administration

This report contains a summary of user account and group distribution in all tenants. You can find this report in the category My One Identity Manager.

Data quality summary for Azure Active Directory user accounts

This report contains different evaluations of user account data quality in all tenants. You can find this report in the category My One Identity Manager.

Overview of all Assignments

Overview of all Assignments

The report "Overview of all Assignments" is displayed for certain objects, for example, permissions, compliance rules or roles. The report finds all the roles, for example, departments, cost centers, locations, business roles and IT Shop structures in which there are employee who own the selected base object. In this case, direct as well as indirect base object assignments are included.

Example
  • If the report is created for a resource, all roles are determined in which there are employees with this resource.
  • If the report is created for a group, all roles are determined in which there are employees with this group.
  • If the report is created for a compliance rule, all roles are determined in which there are employees with this compliance rule.
  • If the report is created for a department, all roles are determined in which employees of the selected department are also members.
  • If the report is created for a business role, all roles are determined in which employees of the selected business role are also members.

To display detailed information about assignments

  • To display the report, select the base object from the navigation or the result list and select the report Overview of all assignments.
  • Use the Used by button in the report's toolbar to select the role class (department, location, business role or IT Shop structure) for which you determine if roles exist in which there are employees with the selected base object.

    All the roles of the selected role class are shown. The color coding of elements identifies the role in which there are employees with the selected base object. The meaning of the report control elements is explained in a separate legend. In the report's toolbar, click to open the legend.

  • Double-click a control to show all child roles belonging to the selected role.
  • By clicking the button in a role's control, you display all employees in the role with the base object.
  • Use the small arrow next to to start a wizard that allows you to bookmark this list of employee for tracking. This creates a new business role to which the employees are assigned.

Figure 3: Toolbar for Report "Overview of all assignments"

Table 48: Meaning of Icons in the Report Toolbar
Icon Meaning
Show the legend with the meaning of the report control elements
Saves the current report view as a graphic.
Selects the role class used to generate the report.

Displays all roles or only the affected roles.

Related Documents