立即与支持人员聊天
与支持团队交流

Identity Manager 9.2.1 - Administration Guide for Connecting to Azure Active Directory

Managing Azure Active Directory environments Synchronizing an Azure Active Directory environment
Setting up initial synchronization with an Azure Active Directory tenant Adjusting the synchronization configuration for Azure Active Directory environments Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing Azure Active Directory user accounts and identities Managing memberships in Azure Active Directory groups Managing Azure Active Directory administrator roles assignments Managing Azure Active Directory subscription and Azure Active Directory service plan assignments
Displaying enabled and disabled Azure Active Directory service plans forAzure Active Directory user accounts and Azure Active Directory groups Assigning Azure Active Directory subscriptions to Azure Active Directory user accounts Assigning disabled Azure Active Directory service plans to Azure Active Directory user accounts Inheriting Azure Active Directory subscriptions based on categories Inheritance of disabled Azure Active Directory service plans based on categories
Login credentials for Azure Active Directory user accounts Azure Active Directory role management
Azure Active Directory role management tenants Enabling new Azure Active Directory role management features Azure Active Directory role main data Displaying Azure Active Directory scoped role assignments Displaying scoped role eligibilities for Azure Active Directory roles Overview of Azure Active Directory scoped role assignments Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role assignments Adding Azure Active Directory scoped role assignments Editing Azure Active Directory scoped role assignments Deleting Azure Active Directory scoped role assignments Assigning Azure Active Directory scoped role assignments Assigning Azure Active Directory system roles to scopes through role assignments Assigning Azure Active Directory business roles to scopes though role assignments Assigning Azure Active Directory organizations to scopes through role assignments Overview of Azure Active Directory scoped role eligibilities Main data of Azure Active Directory scoped role assignments Managing Azure Active Directory scoped role eligibilities Adding Azure Active Directory scoped role eligibilities Editing Azure Active Directory scoped role eligibilities Deleting Azure Active Directory scoped role eligibilities Assigning Azure Active Directory scoped role eligibilities Assigning Azure Active Directory system roles to scopes through role eligibilities Assigning Azure Active Directory business roles to scopes though role eligibilities Assigning Azure Active Directory organizations to scopes through role eligibilities
Mapping Azure Active Directory objects in One Identity Manager
Azure Active Directory core directories Azure Active Directory user accounts Azure Active Directory user identities Azure Active Directory groups Azure Active Directory administrator roles Azure Active Directory administrative units Azure Active Directory subscriptions and Azure Active Directory service principals Disabled Azure Active Directory service plans Azure Active Directory app registrations and Azure Active Directory service principals Reports about Azure Active Directory objects
Handling of Azure Active Directory objects in the Web Portal Recommendations for federations Basic configuration data for managing an Azure Active Directory environment Troubleshooting Configuration parameters for managing an Azure Active Directory environment Default project template for Azure Active Directory Editing Azure Active Directory system objects Azure Active Directory connector settings

Azure Active Directory domains

A base domain is linked to the core directory in the cloud. You can also add other user-defined domains in Azure Active Directory, which you can then allocate to Microsoft cloud services. One Identity Manager only loads verified domain data into the database. It is not possible to edit data in One Identity Manager.

To obtain an overview of a domain

  1. In the Manager, select the Azure Active Directory > Verified domains category.

  2. Select the domain in the result list.

  3. Select the Azure Active Directory domain overview task.

Table 29: Domain main data

Property

Description

Domain name

Full domain name.

Tenant

Azure Active Directory tenant entered for this domain.

Type

Type of domain.

Primary domain

Specifies whether this is the primary domain, for example, for creating new Azure Active Directory user accounts.

Initial domain

Specifies whether this is the initial domain. The initial domain is created when a tenant is registered in Azure Active Directory.

Available services

List of the services available in this domain.

Related topics

Azure Active Directory policies for activity-based timeouts

You can use Azure Active Directory activity-based timeout policies to specify the idle time of web sessions for applications. For more information, see the Azure Active Directory documentation from Microsoft.

Azure Active Directory activity-based timeout policies are loaded into One Identity Manager during synchronization and cannot be changed.

To display information about an Azure Active Directory policy

  1. In the Manager, select the Azure Active Directory > Tenants > <your tenant> > Policies > Activity-based timeout policies category.

  2. In the result list, select the Azure Active Directory policy.

  3. Select one of the following tasks:

    • Activity-based timeout policy overview: This shows you an overview of the Azure Active Directory policy and its dependencies.

    • Change main data: Shows the Azure Active Directory policy's main data. You cannot edit the main data.

      • Display name: The Azure Active Directory policy's display name.

      • Description: Description of the Azure Active Directory policy.

      • Definition: Definition of the Azure Active Directory in JSON format.

      • Tenant: Azure Active Directory tenant that owns the policy.

      • Default policy: Specifies whether this is the Azure Active Directory tenant's default policy.

Azure Active Directory policies for home realm discovery

You can use Azure Active Directory home realm discovery policies to accelerate logging users into federated domains. To provide an Azure Active Directory home realm discovery policy for an Azure Active Directory application, you assign the policy to the Azure Active Directory service principal. For more information, see the Azure Active Directory documentation from Microsoft.

Azure Active Directory home realm discovery policies are loaded into One Identity Manager during synchronization and cannot be changed.

To display information about an Azure Active Directory policy

  1. In the Manager, select the Azure Active Directory > Tenants > <your tenant> > Policies > Home realm discovery policies category.

  2. In the result list, select the Azure Active Directory policy.

  3. Select one of the following tasks:

    • Home realm discovery policy overview: This shows you an overview of the Azure Active Directory policy and its dependencies.

    • Change main data: Shows the Azure Active Directory policy's main data. You cannot edit the main data.

      • Display name: The Azure Active Directory policy's display name.

      • Description: Description of the Azure Active Directory policy.

      • Definition: Definition of the Azure Active Directory in JSON format.

      • Tenant: Azure Active Directory tenant that owns the policy.

      • Default policy: Specifies whether this is the Azure Active Directory tenant's default policy.

Related topics

Azure Active Directory policies for issuing tokens

You can use Azure Active Directory token issuance policies to specify SAML token properties for logging in. To provide an Azure Active Directory token issuance policy for an Azure Active Directory application, you assign the policy to the Azure Active Directory application. For more information, see the Azure Active Directory documentation from Microsoft.

Azure Active Directory token issuance policies are loaded into One Identity Manager during synchronization and cannot be changed.

To display information about an Azure Active Directory policy

  1. In the Manager, select the Azure Active Directory > Tenants > <your tenant> > Policies > Token issuance policies category.

  2. In the result list, select the Azure Active Directory policy.

  3. Select one of the following tasks:

    • Token issuance policy overview: This shows you an overview of the Azure Active Directory policy and its dependencies.

    • Change main data: Shows the Azure Active Directory policy's main data. You cannot edit the main data.

      • Display name: The Azure Active Directory policy's display name.

      • Description: Description of the Azure Active Directory policy.

      • Definition: Definition of the Azure Active Directory in JSON format.

      • Tenant: Azure Active Directory tenant that owns the policy.

      • Default policy: Specifies whether this is the Azure Active Directory tenant's default policy.

Related topics
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级