Extended properties are meta objects, such as operating codes, cost codes, or cost accounting areas that cannot be mapped directly in One Identity Manager.
To specify extended properties for a user account
-
In the Manager, select the SharePoint Online | User accounts (user authenticated) category.
- OR -
In the Manager, select the SharePoint Online | User accounts (group authenticated) category.
-
Select the user account in the result list.
-
Select the Assign extended properties task.
-
In the Add assignments pane, assign extended properties.
TIP: In the Remove assignments pane, you can remove assigned extended properties.
To remove an assignment
- Select the extended property and double-click
.
- Save the changes.
For more information about extended properties, see the One Identity Manager Identity Management Base Module Administration Guide.
If a user account is deleted in One Identity Manager, it is initially marked for deletion. The user account is therefore locked. Depending on the deferred deletion setting, the user account is either deleted from the One Identity Manager database immediately, or at a later date.
NOTE: As long as an account definition for an employee is valid, the employee retains the user account that was created by it. If the assignment of an account definition is removed, the user account that was created from this account definition is deleted.
To delete a user account that is not managed using an account definition
-
In the Manager, select the SharePoint Online | User accounts (user authenticated) category.
- OR -
In the Manager, select the SharePoint Online | User accounts (group authenticated) category.
-
Select the user account in the result list.
-
Click 
to delete the user account.
- Confirm the security prompt with Yes.
To restore a user account
-
In the Manager, select the SharePoint Online | User accounts (user authenticated) category.
- OR -
In the Manager, select the SharePoint Online | User accounts (group authenticated) category.
-
Select the user account in the result list.
-
Click 
in the result list.
Configuring deferred deletion
By default, user accounts are finally deleted from the database after 30 days.You can reenable the user accounts until deferred deletion is run. After deferred deletion is run, the user accounts are deleted from the database and cannot be restored anymore.In the Designer, you can set an alternative delay on the O3SUser table.
You can use groups in SharePoint Online to provide users with the same permissions. Groups that you add for site collections are valid for all sites in that site collection. SharePoint Online roles that you define for a site are assigned directly to groups. All user accounts that are members of these groups obtain the permissions defined in the SharePoint Online roles for this site.
You can edit the following group data in the One Identity Manager:
- Object properties like display name, owner, or visibility of memberships
- Assigned SharePoint Online role and user accounts
- Usage in the IT Shop
- Risk assessment
- Inheritance through roles and inheritance restrictions
Detailed information about this topic
Related topics
in the result list.