Identity Manager 9.3 - Administration Guide for Connecting to Microsoft Entra ID

Displaying Microsoft Entra ID service principals for enterprise applications

This task allows you to display the service principals that represent enterprise applications.

To display enterprise applications

  1. In the Manager, select the Microsoft Entra ID > Service principals category.

  2. Select one of the following entries:

    • By type > Application > Enterprise applications

    • By type > Legacy > Enterprise applications

  3. In the result list, select the Microsoft Entra ID service principal.

  4. Select one of the following tasks:

    • Microsoft Entra ID service principal overview: This shows you an overview of the Microsoft Entra ID service principal and its dependencies.

    • Change main data: This displays the Microsoft Entra ID service principal's main data.

    • Assign owners: This displays the Microsoft Entra ID service principal's owners. You can assign owners to a service principal or remove them.

    • Assign authorizations: This displays user accounts, groups, and service principals with their assigned app roles. You can create more authorizations or remove them.

Displaying Microsoft Entra ID service principal main data

The information about the Microsoft Entra ID service principal is loaded into One Identity Manager during synchronization. You cannot edit Microsoft Entra ID service principal main data.

To display a Microsoft Entra ID service principal's main data

  1. In the Manager, select the Microsoft Entra ID > Service principals category.

  2. In the result list, select the Microsoft Entra ID service principal.

  3. Select the Change main data task.

Table 46: General main data for a Microsoft Entra ID service principal

| Property | Description |
|---|---|
| Display name | Name for displaying the service principal. |
| Tenant | Microsoft Entra ID tenant of the service principal. |
| Home realm discovery policy | Name of the home realm discovery policy. |
| Owner (Application Role) | Application roles whose members can configure the service principal. |
| Delete date | Time at which the service principal was deleted. |
| Alternative names | Alternative names for the service principal. This is used to call service principals by subscription, to identify resource groups and full resource IDs for managing identities. |
| Web page | Home page of the Microsoft Entra ID application. |
| Application display name | Display name of the associated Microsoft Entra ID application. |
| Logo URL | Link to the application's logo. |
| Marketing URL | Link to the application's marketing page. |
| Privacy statement URL | Link to the application's privacy statement. |
| Service URL | Link to the application's support page. |
| Terms of service URL | Link to the application's terms of service. |
| Login URL | URL that the identity provider uses to reroute the user to Microsoft Entra ID for authentication. |
| Logout URL | URL that the Microsoft authorization service uses to log out a user using OpenID Connect front-channel, OpenID Connect back-channel, or SAML logout protocols. |
| Notification mail addresses | List of email addresses that Microsoft Entra ID sends a notification to if the active certificate is nearing the expiration date. |
| Preferred single sign-on mode | Single sign-on mode configured for this Microsoft Entra ID application. |
| Reply URLs | URLs that user tokens are sent to for logging in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. |
| Service principal names | Contains the list of URIs that identify the associated Microsoft Entra ID application within its Microsoft Entra ID tenant, or within a verified custom domain, if the Microsoft Entra ID application is a Microsoft Entra ID multi-tenant application. |
| Service principal type | Type of service principal, for example, an application or a managed identity. The type is set internally by Microsoft Entra ID. |
| Encryption key ID | ID of the public key for logging in using certificates. |
| Tags | User-defined string to use for categorizing and identifying the application. |
| Enabled | Specifies whether the service principal is enabled. |
| App role assignment required | Specifies whether users or other service principals must be assigned an app role for this service principal before they can log in or obtain application tokens. |
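
Several of these properties are worth reviewing together, because Enabled, App role assignment required, Reply URLs and Notification mail addresses jointly determine who can obtain tokens and where those tokens are sent. The following is an added example, not One Identity code: it assumes the service principals are available as JSON records keyed by the Microsoft Graph servicePrincipal property names (accountEnabled, appRoleAssignmentRequired, replyUrls, preferredSingleSignOnMode, notificationEmailAddresses), and the sample records are constructed.

```python
# Added example: review service principal records for risky settings.
# Keys are Microsoft Graph servicePrincipal property names (assumed export
# format); the SAMPLE records are constructed for illustration.
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1"}

def review_reply_url(url):
    """Return a finding for one reply URL, or None if it looks fine."""
    if "*" in url:
        return f"wildcard reply URL: {url}"
    parsed = urlparse(url)
    if parsed.scheme == "http" and parsed.hostname not in LOOPBACK:
        return f"reply URL without TLS: {url}"
    return None

def review_service_principal(sp):
    """Return a list of findings for one service principal record."""
    findings = []
    # Enabled, but no app role assignment needed to log in or get tokens.
    if sp.get("accountEnabled") and not sp.get("appRoleAssignmentRequired"):
        findings.append("enabled without app role assignment required")
    for url in sp.get("replyUrls") or []:
        finding = review_reply_url(url)
        if finding:
            findings.append(finding)
    # SAML sign-on relies on a certificate; nobody is notified before expiry.
    if (sp.get("preferredSingleSignOnMode") == "saml"
            and not sp.get("notificationEmailAddresses")):
        findings.append("SAML SSO without notification mail addresses")
    return findings

SAMPLE = [  # constructed records
    {"displayName": "HR Portal", "accountEnabled": True,
     "appRoleAssignmentRequired": False, "preferredSingleSignOnMode": "saml",
     "replyUrls": ["http://hr.example.com/acs", "https://*.example.com/cb"],
     "notificationEmailAddresses": []},
    {"displayName": "Payroll", "accountEnabled": True,
     "appRoleAssignmentRequired": True, "preferredSingleSignOnMode": "oidc",
     "replyUrls": ["https://payroll.example.com/signin-oidc",
                   "http://localhost:5000/cb"],
     "notificationEmailAddresses": []},
]

def review_all(records):
    """Map each display name to its list of findings."""
    return {sp["displayName"]: review_service_principal(sp) for sp in records}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE).items():
        print(name, findings or "no findings")
```
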

Reports about Microsoft Entra ID objects

One Identity Manager makes various reports available containing information about the selected base object and its relations to other One Identity Manager database objects. The following reports are available for Microsoft Entra ID.

NOTE: Other sections may be available depending on which modules are installed.

Table 47: Data quality target system report

| Report | Published for | Description |
|---|---|---|
| Show overview | User account | This report shows an overview of the user account and the assigned permissions. |
| Show overview including origin | User account | This report shows an overview of the user account and origin of the assigned permissions. |
| Show overview including history | User account | This report shows an overview of the user account including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| License overview | User account | The report contains a summary of assigned and effective subscriptions and service plans for a user account. |
| License overview | Subscription | The report shows an overview of a subscription license. It shows to which groups and user accounts the subscription is assigned and which service plans effectively apply to the groups and the user accounts. |
| Overview of all assignments | Group, Subscription, Administrator role | This report finds all roles containing identities who have the selected system entitlement. |
| Show overview | Group | This report shows an overview of the system entitlement and its assignments. |
| Show overview including origin | Group | This report shows an overview of the system entitlement and origin of the assigned user accounts. |
| Show overview including history | Group | This report shows an overview of the system entitlement including its history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Show entitlement drifts | Tenant | This report shows all system entitlements that are the result of manual operations in the target system rather than provisioned by One Identity Manager. |
| Show user accounts overview (incl. history) | Tenant | This report returns all the user accounts with their permissions including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Show user accounts with an above average number of system entitlements | Tenant | This report contains all user accounts with an above average number of system entitlements. |
| Show identities with multiple user accounts | Tenant | This report shows all the identities that have multiple user accounts. The report contains a risk assessment. |
| Show system entitlements overview (incl. history) | Tenant | This report shows the system entitlements with the assigned user accounts including a history. Select the end date for displaying the history (Min. date). Older changes and assignments that were removed before this date are not shown in the report. |
| Overview of all assignments | Tenant | This report finds all roles containing identities with at least one user account in the selected target system. |
| Show unused user accounts | Tenant | This report contains all user accounts that have not been used in the last few months. |
| Show orphaned user accounts | Tenant | This report shows all user accounts to which no identity is assigned. |

Table 48: Additional reports for the target system

| Report | Description |
|---|---|
| Microsoft Entra ID user account and group administration | This report contains a summary of user account and group distribution in all tenants. You can find this report in the My One Identity Manager category. |
| Data quality summary for Microsoft Entra ID user accounts | This report contains different evaluations of user account data quality in all tenants. You can find this report in the My One Identity Manager category. |

Managing Microsoft Entra ID security attributes

Assign Microsoft Entra ID security attributes to Microsoft Entra ID user accounts and service principals to regulate access to resources.

In One Identity Manager, you can assign Microsoft Entra ID security attributes directly to user accounts and service principals.
