立即与支持人员聊天
与支持团队交流

Identity Manager 9.2 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and identities Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login credentials for Azure Active Directory user accounts Azure Active Directory role management Mapping Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory administrative units Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Testing password generation

When you generate a password, all the password policy settings, custom scripts and the restricted passwords are taken into account.

To generate a password that conforms to the password policy

  1. In the Manager, select the Azure Active Directory > Basic configuration data > Password policies category.

  2. In the result list, select the password policy.

  3. Select the Change main data task.

  4. Select the Test tab.

  5. Click Generate.

    This generates and displays a password.

Initial password for new Azure Active Directory user accounts

You can issue an initial password for a new Azure Active Directory user account in the following ways:

  • When you create the user account, enter a password in the main data.

  • Assign a randomly generated initial password to enter when you create user accounts.

    • In the Designer, set the TargetSystem | AzureAD | Accounts | InitialRandomPassword configuration parameter.

    • Apply target system specific password policies and define the character sets that the password must contain.

    • Specify which identity will receive the initial password by email.

Related topics

Email notifications about login data

You can configure the login credentials for new user accounts to be sent by email to a specified person. In this case, two messages are sent with the user name and the initial password. Mail templates are used to generate the messages. The mail text in a mail template is defined in several languages. This means the recipient’s language can be taken into account when the email is generated. Mail templates are supplied in the default installation with which you can configure the notification procedure.

The following prerequisites must be fulfilled in order to use notifications:

  1. Ensure that the email notification system is configured in One Identity Manager. For more information, see the One Identity Manager Installation Guide.

  2. In the Designer, set the Common | MailNotification | DefaultSender configuration parameter and enter the sender address for sending the email notifications.
  3. Ensure that all identities have a default email address. Notifications are sent to this address. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.
  4. Ensure that a language can be determined for all identities. Only then can they receive email notifications in their own language. For more information, see the One Identity Manager Identity Management Base Module Administration Guide.

When a randomly generated password is issued for the new user account, the initial login data for a user account is sent by email to a previously specified identity.

To send initial login data by email

  1. In the Designer, set the TargetSystem | AzureAD | Accounts | InitialRandomPassword configuration parameter.

  2. In the Designer, set the TargetSystem | AzureAD | Accounts | InitialRandomPassword | SendTo configuration parameter and enter the message recipient as a value.

  3. In the Designer, set the TargetSystem | AzureAD | Accounts | InitialRandomPassword | SendTo | MailTemplateAccountName configuration parameter.

    By default, the message sent uses the mail template Identity - new user account created. The message contains the name of the user account.

  4. In the Designer, set the TargetSystem | AzureAD | Accounts | InitialRandomPassword | SendTo | MailTemplatePassword configuration parameter.

    By default, the message sent uses the mail template Identity - initial password for new user account. The message contains the initial password for the user account.

TIP: To use custom mail templates for emails of this type, change the value of the configuration parameter.

Azure Active Directory role management

Role management describes extended role management functionality of role-based access control in Microsoft 365. This allows the user to manage roles and their members, as well as limiting role assignments to partial scopes in Azure Active Directory.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级