Chat now with support
Chat with Support

Identity Manager 8.2.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory applications and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Azure Active Directory applications and Azure Active Directory service principals

When an application is registered in an Azure Active Directory tenant, it creates an associated Azure Active Directory service principal. There are so-called app roles defined for applications. Azure Active Directory users, Azure Active Directory groups, or Azure Active Directory service principals can use app roles to provide permissions or functions for the application.

For detailed information about integrating applications into Azure Active Directory, see the Azure Active Directory documentation from Microsoft.

Information about Azure Active Directory applications, Azure Active Directory service principals, and app roles within an Azure Active Directory tenant is loaded into One Identity Manager during synchronization. You cannot create new Azure Active Directory applications, Azure Active Directory service principals, and app roles in One Identity Manager but you can specify owners of applications and service principals and create or delete app roles in One Identity Manager.

Detailed information about this topic

Displaying information about Azure Active Directory applications

The information about the Azure Active Directory application is loaded into One Identity Manager during synchronization. All the Azure Active Directory applications with their Azure Active Directory service principals that are registered in this Azure Active Directory tenant are loaded for each Azure Active Directory tenant.

IF an Azure Active Directory application is used in an Azure Active Directory tenant that is registered in another Azure Active Directory tenant, only the Azure Active Directory service principal and not the Azure Active Directory application is loaded into One Identity Manager.

You cannot create Azure Active Directory applications in One Identity Manager.

To display information about an Azure Active Directory application

  1. In the Manager, select the Azure Active Directory > Applications category.

  2. In the result list, select the Azure Active Directory application.

  3. Select one of the following tasks:

    • Azure Active Directory application overview: This shows you an overview of the Azure Active Directory application and its dependencies.

    • Change main data: Shows the Azure Active Directory application's main data.

    • Assign owners: Shows the Azure Active Directory application's owners. You can assign owners to an application or remove them again.

Related topics

Assigning owners to Azure Active Directory applications

Use this task to assign owners to an Azure Active Directory application or to remove them from an Azure Active Directory application. Owners of Azure Active Directory application can show the application registration in Azure Active Directory and edit it.

To assign owners to an Azure Active Directory application

  1. In the Manager, select the Azure Active Directory > Applications category.

  2. In the result list, select the Azure Active Directory application.

  3. Select the Assign owner task.

  4. In the Table menu, select the Azure Active Directory user accounts (AADUser) item.

  5. In the Add assignments pane, assign owners.

    TIP: In the Remove assignments pane, you can remove assigned owners.

    To remove an assignment

    • Select the owner and double-click .

  6. Save the changes.

Displaying Azure Active Directory applications

The information about the Azure Active Directory application is loaded into One Identity Manager during synchronization. You cannot edit Azure Active Directory application main data.

To display an Azure Active Directory application's main data

  1. In the Manager, select the Azure Active Directory > Applications category.

  2. In the result list, select the Azure Active Directory application.

  3. Select Change main data.

Table 38: Azure Active Directory application main data

Property

Description

Display name

Display name of the application.

Publisher domain

Name of the application's verified publisher domain.

Registration date

Date and time when the application was registered.

Group membership claim

Group membership claim expected by the application. Group types that are included in the access, ID, and SAML tokens. Permitted values are:

  • None: No group types

  • All: All group types

  • Security groups: Security groups with the user as a member.

Logo URL

Link to the application's logo.

Marketing URL

Link to the application's marketing page.

Privacy statement URL

Link to the application's privacy statement.

Service URL

Link to the application's support page.

Terms of service URL

Link to the application's terms of service.

Fallback public client

Specifies whether the fallback application type is a public client, such as an application installed and running on a mobile device. The default value is false meaning the fallback application type is a confidential client such as a web application. If the option is disabled, it means that the fallback application type is a confidential client, such as a web application (default).

Supported user accounts

Specifies which Microsoft user accounts for the current application are supported. Permitted values are:

  • Accounts in this organizational directory only

  • Accounts in any organizational directory

  • Accounts in any organizational directory and personal Microsoft accounts

  • Only personal Microsoft accounts

Token issuance policies

Name of the policy for issuing tokens.

Token lifetime policy

Name of the policy for token lifetimes.

Tags

User-defined string to use for categorizing and identifying the application.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating