Chat now with support
Chat with Support

Identity Manager 8.1.4 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Setting up synchronization with an Azure Active Directory tenant Basic data for managing an Azure Active Directory environment Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and service plans
Azure Active Directory subscriptions Disabled Azure Active Directory service plans
Reports about Azure Active Directory objects Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory

Effectiveness of subscription assignments

The procedure described under Effectiveness of group memberships can also be used for subscriptions. The effect of the assignments is mapped in the AADUserHasSubSku and AADBaseTreeHasSubSku tables through the XIsInEffect column.

Prerequisites
  • The QER | Structures | Inherite | GroupExclusion configuration parameter is set.
  • Mutually exclusive subscriptions belong to the same tenant.

To exclude subscriptions

  1. Select the Azure Active Directory | Subscriptions category.
  2. Select a subscription in the result list.
  3. Select the Exclude subscriptions task.
  4. In the Add assignments pane, assign the subscriptions that are mutually exclusive to the selected assignment.

    - OR -

    In the Remove assignments pane, delete the subscriptions that no longer exclude each other.

  5. Save the changes.

Inheriting Azure Active Directory subscriptions based on categories

The procedure described under Azure Active Directory group inheritance based on categories can also be used for subscriptions.

To use inheritance through categories

  • Define the categories in the tenant.
  • Assign categories to user accounts through their master data.
  • Assign categories to subscriptions through their master data.
Related topics

Assigning additional properties to an Azure Active Directory subscription

Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.

To specify extended properties for a subscription

  1. Select the Azure Active Directory | Subscriptions category.
  2. Select a subscription in the result list.
  3. Select the Assign extended properties task.
  4. In the Add assignments pane, assign extended properties.

    TIP: In the Remove assignments pane, you can remove assigned extended properties.

    To remove an assignment

    • Select the extended property and double-click .
  5. Save the changes.

For detailed information about using extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.

Disabled Azure Active Directory service plans

To prevent users from using individual service plans, so-called "disabled service plans" are mapped in One Identity Manager. Disabled service plans are created automatically in One Identity Manager after synchronization of the subscription. Disabled service plans are requested through the IT Shop or assigned to users through departments, cost centers, locations, business roles, or system roles.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating