Chat now with support
Chat with Support

Identity Manager 9.2.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and identities Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login credentials for Azure Active Directory user accounts Azure Active Directory role management
Azure Active Directory role management tenants Enabling new Azure Active Directory role management features Azure Active Directory role main data Displaying Azure Active Directory scoped role assignments Displaying scoped role eligibilities for Azure Active Directory roles Overview of Azure Active Directory scoped role assignments Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role assignments Adding Azure Active Directory scoped role assignments Editing Azure Active Directory scoped role assignments Deleting Azure Active Directory scoped role assignments Assigning Azure Active Directory scoped role assignments Assigning Azure Active Directory system roles to scopes through role assignments Assigning Azure Active Directory business roles to scopes though role assignments Assigning Azure Active Directory organizations to scopes through role assignments Overview of Azure Active Directory scoped role eligibilities Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role eligibilities Adding Azure Active Directory scoped role eligibilities Editing Azure Active Directory scoped role eligibilities Deleting Azure Active Directory scoped role eligibilities Assigning Azure Active Directory scoped role eligibilities Assigning Azure Active Directory system roles to scopes through role eligibilities Assigning Azure Active Directory business roles to scopes though role eligibilities Assigning Azure Active Directory organizations to scopes through role eligibilities
Mapping Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory administrative units Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Adding Azure Active Directory scoped role assignments

Role management allows you to make additional role assignments for roles in Azure Active Directory partial scopes.

To assign a role assignment to a role

  1. In the Manager, select the Azure Active Directory > Roles category.
  2. Select the role in the result list.
  3. Select the Add or remove role assignments task.
  4. Click Add and enter the following information.
    • Principal: The main principal whose accesses are to be assigned such as a group or single user.
    • Application scope: The application scope for which the principal should be given access. - OR -
      Directory scope: The directory scope for which the principal should be given access.
    • Specify whether this assignment is a Direct assignment.

      NOTES: The Indirect assignment and Assignment request options are set by processes and cannot be set manually.

    • Request procedure: References the request procedure that results in the assignment.

      NOTE: The request procedure is set by processes and cannot be set manually.

    NOTE: There is more information available about role assignments for roles in PIM mode (Azure AD P2 license).

Related topics

Editing Azure Active Directory scoped role assignments

To edit the main data of a role assignment

  1. In the Manager, select the Azure Active Directory > Role assignments category.

  2. Select the role assignment in the result list.

  3. Select the Change main data task.

  4. Edit the main data of the role assignment.

  5. Save the changes.

Deleting Azure Active Directory scoped role assignments

To delete a role assignment

  1. In the Manager, select the Azure Active Directory > Role assignments category.

  2. Select the role assignment in the result list.

  3. Click in the result list.

  4. Confirm the security prompt with Yes.

  5. Save the changes.

Assigning Azure Active Directory scoped role assignments

In Azure Active Directory, active role assignments for groups can be assigned in specified partial scopes.

To assign a system role to scope

  1. In the Manager, select the Azure Active Directory > Scoped role assignments category.

  2. Select the role in the result list.

  3. Select the Assign system roles task.

  4. In the Add assignments pane, assign system roles.

    TIP: In the Remove assignments pane, you can remove assigned system roles.

    To remove an assignment

    • Select the system role and double-click .

  5. Save the changes.

To assign a business role to a scope

  1. In the Manager, select the Azure Active Directory > Scoped role assignments category.

  2. Select the role in the result list.

  3. Select the Assign business roles task.

  4. In the Add assignments pane, select the role class and assign business roles.

    TIP: In the Remove assignments pane, you can remove assigned business roles.

    To remove an assignment

    • Select the business role and double-click .

  5. Save the changes.

To assign an organization to a scope

  1. In the Manager, select the Azure Active Directory > Scoped role assignments category.

  2. Select the role in the result list.

  3. Select the Assign organizations task.

    In the Add assignments pane, assign the organizations:

    • On the Departments tab, assign departments.

    • On the Locations tab, assign locations.

    • On the Cost centers tab, assign cost centers.

    TIP: In the Remove assignments pane, you can remove assigned organizations.

    To remove an assignment

    • Select the organization and double-click .

  4. Save the changes.

Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating