Active Roles 7.6.1 - Synchronization Service Administration Guide


Configuring a Microsoft Azure AD connection

To create a connection to Microsoft Azure Active Directory (Azure AD) with the Microsoft Azure AD Connector, you must perform two procedures:

  1. Configure Active Roles Synchronization Service as an Azure application in your Microsoft Azure AD organization. For more information on this procedure, see Configuring the Microsoft Azure AD Connector as an Azure application for data synchronization.

  2. Configure the Microsoft Azure AD Connector in the Active Roles Synchronization Service console. For more information, see Creating a connection with the Microsoft Azure AD Connector.

Configuring the Microsoft Azure AD Connector as an Azure application for data synchronization

To enable the Microsoft Azure AD Connector of the Active Roles Synchronization Service to read and write data in Microsoft Azure Active Directory (Azure AD), you must configure the connector as an Azure application in your Microsoft Azure AD environment.

Prerequisites

To assign all required permissions to the application, you must install the Azure AD PowerShell module. For more information on how to install the module, see Install Azure Active Directory PowerShell for Graph in the Microsoft Azure documentation, or download the module manually.

To configure Microsoft Azure AD Connector as an Azure application

  1. In the Azure Portal, register a new application in the domain of your Microsoft Azure AD environment where you want to perform data synchronization. For more information, see Register an application with the Microsoft identity platform in the Microsoft Azure documentation.

  2. Assign the required permissions to the application via a Windows PowerShell script, so that the Microsoft Azure AD Connector of the Active Roles Synchronization Service can read and write data in Microsoft Azure AD. To do so, adapt and run the following Windows PowerShell script.

    Example PowerShell Script to assign permissions to Microsoft Azure AD Connector

    # Replace <ClientId> with the Client ID of the Active Roles Azure AD Connector application (example format: 455ad643-332g-32h7-q004-8ba89ce65ae26)
    $Id = "<ClientId>"

    # Prompt for Microsoft Azure AD Global Admin credentials and save the supplied credentials to the $creds variable.
    $creds = Get-Credential

    # Connect to Azure AD using the credentials stored in $creds.
    Connect-AzureAD -Credential $creds

    # Get the service principal of the Active Roles Azure AD Connector application (matched by its Application ID) and save it to the $servicePrincipal variable.
    $servicePrincipal = Get-AzureADServicePrincipal -All $true | Where-Object { $_.AppId -eq $Id }

    # Get the object ID of the required directory role and save it to the $roleId variable.
    # 'Company Administrator' is the directory-role name of the role shown as Global Administrator in the Azure Portal.
    $roleId = (Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq 'Company Administrator' }).ObjectId

    # Assign the required permissions to the Active Roles Azure AD Connector application by adding its service principal to the role.
    Add-AzureADDirectoryRoleMember -ObjectId $roleId -RefObjectId $servicePrincipal.ObjectId
  3. In the Azure Portal, open the application you created and take note of the following information:
    • Client ID

    • Valid key of the application

    This information will be required when configuring the Microsoft Azure AD Connector as described in Creating a connection with the Microsoft Azure AD Connector.
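The following script is an added example, not part of the Active Roles guide or One Identity's own code. It performs the same role assignment as step 2 above but in a form that is safe to re-run and easier to audit: it rejects a malformed Client ID before any directory call, resolves the service principal with a server-side filter, activates the directory role from its template if the tenant has not activated it yet (Get-AzureADDirectoryRole only lists activated roles), skips the assignment if the service principal is already a member, and finishes by listing the role's members so the change can be reviewed. The $ClientId and $RoleName parameters are assumptions of this example; the AzureAD PowerShell module named in the prerequisites must be installed.

```powershell
# Added example (not from the Active Roles guide): idempotent role assignment for the
# Microsoft Azure AD Connector application. Assumes the AzureAD module is installed.
param(
    # Application (client) ID of the registered Active Roles connector application (assumed input).
    [Parameter(Mandatory = $true)]
    [string]$ClientId,
    # Directory-role name used by the guide; appears as 'Global Administrator' in the Azure Portal.
    [string]$RoleName = 'Company Administrator'
)

# Fail early on a malformed ID instead of silently matching no service principal.
$parsed = [guid]::Empty
if (-not [guid]::TryParse($ClientId, [ref]$parsed)) {
    throw "ClientId '$ClientId' is not a valid GUID."
}

# Sign in with a Global Administrator account (interactive prompt, nothing stored on disk).
Connect-AzureAD -Credential (Get-Credential -Message 'Azure AD Global Administrator credentials') | Out-Null

# Filter server-side rather than downloading every service principal in the tenant.
$sp = Get-AzureADServicePrincipal -Filter "appId eq '$ClientId'"
if (-not $sp) {
    throw "No service principal found for AppId $ClientId. Register the application first (step 1)."
}

# Directory roles only appear in Get-AzureADDirectoryRole once activated; activate from the template if needed.
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $RoleName }
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $RoleName }
    if (-not $template) { throw "Directory role '$RoleName' not found in this tenant." }
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
}

# Assign only if the service principal is not already a member, so re-running the script is harmless.
$alreadyMember = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Where-Object { $_.ObjectId -eq $sp.ObjectId }
if ($alreadyMember) {
    Write-Host "Service principal '$($sp.DisplayName)' is already a member of '$RoleName'."
} else {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId
    Write-Host "Added '$($sp.DisplayName)' ($($sp.ObjectId)) to '$RoleName'."
}

# Verify: list the full membership of the role so the assignment (and any unexpected members) can be reviewed.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Select-Object DisplayName, ObjectId, ObjectType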

Creating a connection with the Microsoft Azure AD Connector

You can configure an Active Roles Synchronization Service connection to your Microsoft Azure Active Directory (Azure AD) environment with the Microsoft Azure AD Connector.

Prerequisites

An Azure application with the required permissions for Microsoft Azure AD Connector must exist in the Azure AD environment where you want to perform data synchronization. For more information on configuring an Azure application and the required permissions, see Configuring the Microsoft Azure AD Connector as an Azure application for data synchronization.

To create a new Microsoft Azure AD Connector connection

  1. In the Active Roles Synchronization Service Console, navigate to Connections > Add Connection.

    Figure 4: Active Roles Synchronization Service Console – Adding a new connection via Connections > Add connection

  2. In the Name connection and select connector step, specify a custom Connection name. Then from the Use the specified connector drop-down list, select Microsoft Azure AD Connector and click Next.

  3. On the Specify connection settings page, configure the following options:
  4. To verify that the specified authentication settings are correct, click Test Connection. If testing fails, then:

    • Check your network connectivity.

    • Check if the Microsoft Azure service is available.

    • Make sure that the specified Azure AD domain, Client ID and Key settings are correct.

  5. If testing completed successfully, create the new Microsoft Azure AD connection by clicking Finish.

Viewing or modifying a Microsoft Azure AD connection

You can view or modify an existing connection based on the Microsoft Azure AD Connector with the Active Roles Synchronization Service Console. Modifying a Microsoft Azure AD Connector connection is typically required if any change occurs in the Azure application or the Azure AD environment to which the Active Roles Synchronization Service connection was originally configured.

To view or modify an existing Microsoft Azure AD Connector connection

  1. In the Active Roles Synchronization Service Console, click Connections.

  2. In the Connections page, search for the connection that uses the Microsoft Azure AD Connector, and click Connection settings.

  3. On the Connection Settings tab, click Specify connection settings and view or modify the following settings as required:
  4. To verify that the specified authentication settings are correct, click Test Connection. If testing fails, then:

    • Check your network connectivity.

    • Check if the Microsoft Azure service is available.

    • Make sure that the specified Azure AD domain, Client ID and Key settings are correct.

  5. To apply your changes, click Save.
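The Test Connection troubleshooting lists in both procedures above (creating a connection and viewing or modifying one) name the same three causes: network connectivity, Azure service availability, and wrong Azure AD domain, Client ID or Key values. The script below is an added example, not part of the Active Roles guide, that checks each of these from the Synchronization Service host before retrying Test Connection in the console. It assumes three inputs: $TenantDomain (the Azure AD domain), $ClientId and $ClientSecret (the application key from step 3 of the Azure application procedure). It uses the public Azure AD token endpoint and Microsoft Graph, so the result it reports reflects the same client-credentials sign-in the connector performs; the Graph lookup at the end assumes the directory role from the earlier procedure has already been assigned.

```powershell
# Added example (not from the Active Roles guide): checks the three Test Connection failure
# causes listed in the guide. Inputs are assumptions of this example.
param(
    [Parameter(Mandatory = $true)][string]$TenantDomain,   # e.g. contoso.onmicrosoft.com (constructed example)
    [Parameter(Mandatory = $true)][string]$ClientId,       # Application (client) ID from the Azure Portal
    [Parameter(Mandatory = $true)][securestring]$ClientSecret  # application key, read as SecureString
)

# 1. Network connectivity: the sign-in and Graph endpoints must be reachable on TCP 443 from this host.
foreach ($h in 'login.microsoftonline.com', 'graph.microsoft.com') {
    $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) {
        throw "Cannot reach ${h}:443 - check DNS, proxy and firewall rules on this host."
    }
    Write-Host "TCP 443 to $h OK"
}

# 2. Service availability and 3. credential correctness: request an app-only token with the same
# client credentials the connector uses. 400/401 means domain, Client ID or key is wrong;
# a 5xx or timeout points at service availability rather than configuration.
$plainSecret = (New-Object System.Management.Automation.PSCredential('x', $ClientSecret)).GetNetworkCredential().Password
$tokenUrl = "https://login.microsoftonline.com/$TenantDomain/oauth2/v2.0/token"
$body = @{
    client_id     = $ClientId
    client_secret = $plainSecret
    scope         = 'https://graph.microsoft.com/.default'
    grant_type    = 'client_credentials'
}
try {
    $token = Invoke-RestMethod -Method Post -Uri $tokenUrl -Body $body -ContentType 'application/x-www-form-urlencoded'
    Write-Host "Token acquired (expires in $($token.expires_in) s): Azure AD domain, Client ID and key are consistent."
} catch {
    $status = $_.Exception.Response.StatusCode.value__
    if ($status -eq 400 -or $status -eq 401) {
        throw "Token request rejected ($status): verify the Azure AD domain, Client ID and key. $($_.ErrorDetails.Message)"
    }
    throw "Token endpoint unavailable ($status): $($_.Exception.Message)"
} finally {
    # Do not leave the plaintext key in the session longer than needed.
    $plainSecret = $null
}

# Confirm the token grants directory access by reading the application's own service principal.
$headers = @{ Authorization = "Bearer $($token.access_token)" }
$uri = "https://graph.microsoft.com/v1.0/servicePrincipals?`$filter=appId eq '$ClientId'"
$result = Invoke-RestMethod -Uri $uri -Headers $headers
if ($result.value.Count -eq 0) {
    throw "Token works but no service principal was found for AppId $ClientId in $TenantDomain."
}
Write-Host "Service principal '$($result.value[0].displayName)' resolved via Graph: directory access confirmed."
```

Run it on the Synchronization Service host itself, since a successful check from an administrator workstation says nothing about the proxy or firewall path that host uses; the key is requested as a SecureString so it does not end up in the PowerShell history.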