Chat now with support
Chat with Support

Identity Manager 9.0 LTS - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and employees Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login information for Azure Active Directory user accounts Mapping of Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Editing Azure Active Directory system objects

The following table describes permitted editing methods of Azure Active Directory schema types and names restrictions required by system object processing.

Table 48: Methods available for editing schema types
Type Read Add Delete Refresh

Subscriptions (SubscribedSku)

Yes

No

No

No

Administrator roles (DirectoryRole)

Yes

No

No

Yes

User accounts (User)

Yes

Yes

Yes

Yes

Service plans (ServicePlanInfo)

Yes

No

No

No

Domains (VerifiedDomain)

Yes

No

No

No

Groups (Group)

Yes

Yes

Yes

Yes

License assignments to user accounts (LicenseAssignments)

Yes

Yes

Yes

Yes

License assignments to groups (GroupLicenseAssignments)

Yes

No

No

No

Tenants (Organization)

Yes

No

No

Yes

Applications (Application)

Yes

No

No

Yes

Service principle (ServicePrincipal)

Yes

No

No

Yes

App roles (AppRole)

Yes

No

No

No

Assignments to app roles (AppRoleAssignment)

Yes

Yes

Yes

Yes

Policies on activity-based timeout (ActivityBasedTimeoutPolicy)

Yes

No

No

No

Policies on home realm discovery (HomeRealmDiscoveryPolicy)

Yes

No

No

No

Policies on token issuance (TokenIssuancePolicy)

Yes

No

No

No

Policies on token lifetime (TokenLifetimePolicy)

Yes

No

No

No

Classifications (AADGroupClassificationLbl)

Yes

No

No

No

Azure Active Directory connector settings

The following settings are configured for the system connection with the Azure Active Directory connector.

Table 49: Azure Active Directory connector settings

Setting

Meaning

Client ID

Application ID that was generated during integration of One Identity Manager as an Azure Active Directory tenant application.

Variable: CP_ClientID

Login domain

Base domain or a verified domain of your Azure Active Directory tenant.

Variable: CP_OrganizationDomain

User name

User account name for logging in on Azure Active Directory if you have integrated One Identity Manager as a native client application in for Azure Active Directory tenant.

Variable: CP_Username

Password

The user account’s password.

Variable: CP_Password

Key

Key that was generated during registration of One Identity Manager as an Azure Active Directory web application of the tenant.

Variable: CP_Secret

Organization ID

The Azure Active Directory tenant ID.

Variable: OrganizationID

GuestInviteSendMail

Specifies whether the guest user invitation will be sent.

Default: True

Variable: GuestInviteSendMail

GuestInviteLanguage

Language to use for sending the guest user invitation.

Default: en-us

Variable: GuestInviteLanguage

GuestInviteCustomMessage

Personal welcome greeting for the guest user.

Variable: GuestInviteCustomMessage

GuestInviteRedirectUrl

URL to reroute guest users after they have accepted the invitation and registered.

Default: http://www.office.com

Variable: GuestInviteRedirectUrl

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating