
Identity Manager 8.1.4 - Administration Guide for Connecting to Azure Active Directory


Assigning extended properties to Azure Active Directory administrator roles

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas, that cannot be mapped directly in One Identity Manager.

To specify extended properties for an administrator role

  1. Select the Azure Active Directory | Administrator roles category.
  2. Select the administrator role in the result list.
  3. Select the Assign extended properties task.
  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .
  5. Save the changes.

For detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Azure Active Directory subscriptions and service plans

The user requires a subscription to access the service plans in Azure Active Directory. Users obtain all the service plans that are linked to a subscription. By assigning subscriptions directly to users, you make the subscriptions available to them. You can assign subscriptions to departments, cost centers, locations, business roles, or the IT Shop.

To prevent users from using individual service plans, so-called "disabled service plans" are mapped in One Identity Manager. Disabled service plans are created automatically in One Identity Manager after synchronization of the subscription. Disabled service plans are requested through the IT Shop or assigned to users through departments, cost centers, locations, business roles, or system roles.

The actual service plans available to the user in Azure Active Directory result from the user's subscription and the service plans associated with it, and the assignment of disabled service plans.
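The calculation described above can be checked when reviewing whether a disabled service plan really removes access. The following is an added example, not One Identity Manager code: it assumes a disabled service plan only takes effect within the subscription it belongs to (as with license assignments in Azure Active Directory), and the service plan names and the `Assignment` type are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the SKU names are the two this guide mentions,
# the service plan names are invented for illustration.
SKU_PLANS = {
    "AAD_Premium": {"SP_DIRECTORY", "SP_MFA", "SP_RIGHTS_MGMT"},
    "RMSBASIC": {"SP_RIGHTS_MGMT"},
}


@dataclass
class Assignment:
    """One subscription held by a user, with the plans disabled under it."""
    sku: str
    disabled_plans: set = field(default_factory=set)


def effective_plans(assignments, sku_plans=SKU_PLANS):
    """Return {service plan: [subscriptions that still grant it]}."""
    granted = {}
    for a in assignments:
        plans = sku_plans[a.sku]
        unknown = a.disabled_plans - plans
        if unknown:
            # A disabled plan that is not part of the subscription has no
            # effect; flag it instead of silently ignoring it.
            raise ValueError(f"{sorted(unknown)} not part of {a.sku}")
        for plan in plans - a.disabled_plans:
            granted.setdefault(plan, []).append(a.sku)
    return granted


def disabled_but_still_granted(assignments, sku_plans=SKU_PLANS):
    """Plans disabled under one subscription but delivered by another."""
    granted = effective_plans(assignments, sku_plans)
    disabled = set().union(*(a.disabled_plans for a in assignments))
    return {p: sorted(granted[p]) for p in sorted(disabled) if p in granted}


if __name__ == "__main__":
    user = [
        Assignment("AAD_Premium", {"SP_RIGHTS_MGMT"}),
        Assignment("RMSBASIC"),
    ]
    print(effective_plans(user))
    print(disabled_but_still_granted(user))
```

A non-empty result from `disabled_but_still_granted` means the user keeps the service plan through a second subscription, so the disabled service plan must be assigned for that subscription as well.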

Azure Active Directory subscriptions

Information about subscriptions and service plans within a tenant is loaded into One Identity Manager during synchronization. In One Identity Manager, you cannot create new subscriptions or service plans. However, in One Identity Manager, you can edit certain master data for requesting the subscription in the IT Shop and for user account assignments.

Editing Azure Active Directory subscription master data

To edit subscription master data

  1. Select Azure Active Directory | Subscriptions.
  2. Select a subscription in the result list.
  3. Select the Change master data task.
  4. Edit the subscription's master data.
  5. Save the changes.

Table 38: Subscription master data

| Property | Description |
|---|---|
| SKU display name | The SKU display name for the subscription, for example, AAD_Premium or RMSBASIC. |
| Tenant | Tenant entered for this subscription. |
| Subscription status | The subscription status, for example, enabled (active). |
| Purchased licenses | The number of licenses purchased. |
| Assigned licenses | Number of actively used licenses. |
| Suspended licenses | Number of suspended licenses. |
| Warning units | Number of licenses with a warn status. |
| IT Shop | Specifies whether the subscription can be requested through the IT Shop. This subscription can be requested by staff through the Web Portal and granted through a defined approval procedure. The subscription can still be assigned directly to user accounts and hierarchical roles. |
| Only for use in IT Shop | Specifies whether the subscription can only be requested through the IT Shop. This subscription can be requested by staff through the Web Portal and granted through a defined approval procedure. The subscription may not be assigned directly to hierarchical roles. |
| Service item | Service item data for requesting the subscription through the IT Shop. |
| Risk index | Value for evaluating the risk of assigning the subscription to user accounts. Enter a value between 0 and 1. This input field is only visible if the QER \| CalculateRiskIndex configuration parameter is set. For more detailed information about risk assessment, see the One Identity Manager Risk Assessment Administration Guide. |
| Category | Category for subscription inheritance. Subscriptions can be selectively inherited by user accounts. To do this, subscriptions and user accounts are divided into categories. Use this menu to allocate one or more categories to the subscription. |