立即与支持人员聊天
与支持团队交流

Identity Manager 8.1.4 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Setting up synchronization with an Azure Active Directory tenant Basic data for managing an Azure Active Directory environment Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory subscriptions and service plans
Azure Active Directory subscriptions Disabled Azure Active Directory service plans
Reports about Azure Active Directory objects Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory

Help for the analysis of synchronization issues

You can generate a report for analyzing problems that arise during synchronization, inadequate performance for example. The report contains information such as:

  • Consistency check results
  • Revision filter settings
  • Scope applied
  • Analysis of the data store
  • Object access times in the One Identity Manager database and in the target system

To generate a synchronization analysis report

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the Help | Generate synchronization analysis report menu item and click Yes in the security prompt.

    The report may take a few minutes to generate. It is displayed in a separate window.

  3. Print the report or save it in one of the available output formats.

Deactivating synchronization

Regular synchronization cannot be started until the synchronization project and the schedule are active.

To prevent regular synchronization

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the start up configuration and deactivate the configured schedule.

    Now you can only start synchronization manually.

An activated synchronization project can only be edited to a limited extend. The schema in the synchronization project must be updated if schema modifications are required. The synchronization project is deactivated in this case and can be edited again.

Furthermore, the synchronization project must be deactivated if synchronization should not be started by any means (not even manually).

To deactivate the synchronization project

  1. Open the synchronization project in the Synchronization Editor.

  2. Select the General view on the start page.

  3. Click Deactivate project.

Related topics

Basic data for managing an Azure Active Directory environment

To manage an Azure Active Directory environment in One Identity Manager, the following basic data is relevant.

  • Configuration parameter

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.

    For more information, see Configuration parameters for managing an Azure Active Directory environment.

  • Account definitions

    One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

    For more information, see Account definitions for Azure Active Directory user accounts.

  • Password policy

    One Identity Manager provides you with support for creating complex password policies, for example, for system user passwords, the employees' central password as well as passwords for individual target systems. Password polices apply not only when the user enters a password but also when random passwords are generated.

    Predefined password policies are supplied with the default installation that you can use or customize if required. You can also define your own password policies.

    For more information, see Password policies for Azure Active Directory user accounts.

  • Initial password for new user accounts

    You have the different options for issuing an initial password for user accounts. The central password of the assigned employee can be aligned with the user account password, a predefined, fixed password can be used, or a randomly generated initial password can be issued.

    For more information, see Initial password for new Azure Active Directory user accounts.

  • Email notifications about credentials

    When a new user account is created, the login data are sent to a specified recipient. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages.

    For more information, see Email notifications about login data.

  • Target system types

    Target system types are required for configuring target system comparisons. Tables containing outstanding objects are maintained on target system types.

    For more information, see Post-processing outstanding objects.

  • Target system managers

    A default application role exists for the target system manager in One Identity Manager. Assign the employees who are authorized to edit all tenants in One Identity Manager to this application role.

    Define additional application roles if you want to limit the edit permissions for target system managers to individual tenants. The application roles must be added under the default application role.

    For more information, see Target system managers.

  • Server

    Servers must know your server functionality in order to handle Azure Active Directory specific processes in One Identity Manager. For example, the synchronization server.

    For more information, see Editing a server.

Account definitions for Azure Active Directory user accounts

One Identity Manager has account definitions for automatically allocating user accounts to employees during working hours. You can create account definitions for every target system. If an employee does not yet have a user account in a target system, a new user account is created. This is done by assigning account definitions to an employee.

The data for the user accounts in the respective target system comes from the basic employee data. The employee must own a central user account. The assignment of the IT operating data to the employee’s user account is controlled through the primary assignment of the employee to a location, a department, a cost center, or a business role. Processing is done through templates. There are predefined templates for determining the data required for user accounts included in the default installation. You can customize templates as required.

For detailed information about account definitions, see the One Identity Manager Target System Base Module Administration Guide.

The following steps are required to implement an account definition:

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级