立即与支持人员聊天

获得即时帮助
完成注册

登录

请求定价

联系销售人员

Identity Manager 9.3 - Administration Guide for Connecting to Microsoft Entra ID

Managing Microsoft Entra ID environments

Architecture overview One Identity Manager users for managing Microsoft Entra ID Configuration parameters for managing Microsoft Entra ID environments

Synchronizing a Microsoft Entra ID environment

Setting up initial synchronization with a Microsoft Entra ID tenant

Registering an enterprise application for One Identity Manager in the Microsoft Entra ID tenant Users and permissions for synchronizing with Microsoft Entra ID Setting up the Microsoft Entra ID synchronization server

System requirements for the Microsoft Entra ID synchronization server Installing One Identity Manager Service with a Microsoft Entra ID connector

Creating a synchronization project for initial synchronization of a Microsoft Entra ID tenant

Information required for Microsoft Entra ID synchronization projects Creating an initial synchronization project for a Microsoft Entra ID tenant

Configuring the synchronization log

Adjusting the synchronization configuration for Microsoft Entra ID environments

Configuring synchronization with Microsoft Entra ID tenants Configuring synchronization of different Microsoft Entra ID tenants Customizing synchronization projects to invite guest users Supporting custom Microsoft Entra ID extensions Changing system connection settings of Microsoft Entra ID tenants

Editing connection parameters in the variable set Editing target system connection properties

Updating schemas Speeding up synchronization Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Deactivating synchronization Displaying synchronization results Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing Microsoft Entra ID user accounts through account definitions

Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)

Managing Microsoft Entra ID user accounts and identities

Account definitions for Microsoft Entra ID user accounts

Creating account definitions Editing account definitions Main data for an account definition Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to identities

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all identities Assigning account definitions directly to identities Assigning account definitions to system roles Adding account definitions in the IT Shop

Assigning account definitions to Microsoft Entra ID tenants Deleting account definitions

Assigning identities automatically to Microsoft Entra ID user accounts

Editing search criteria for automatic identity assignment Finding identities and directly assigning them to user accounts Changing manage levels for Microsoft Entra ID user accounts

Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one identity Providing administrative user accounts for several people

Privileged user accounts

Updating identities when Microsoft Entra ID user account are modified Specifying deferred deletion for Microsoft Entra ID user accounts

Managing memberships in Microsoft Entra ID groups

Assigning Microsoft Entra ID groups to Microsoft Entra ID user accounts

Prerequisites for indirect assignment of Microsoft Entra ID groups to Microsoft Entra ID user accounts Assigning Microsoft Entra ID groups to departments, cost centers and locations Assigning Microsoft Entra ID groups to business roles Adding Microsoft Entra ID groups to system roles Adding Microsoft Entra ID groups to the IT Shop Adding Microsoft Entra ID groups automatically to the IT Shop Assigning Microsoft Entra ID user accounts directly to Microsoft Entra ID groups Assigning Microsoft Entra ID groups directly to Microsoft Entra ID user accounts

Effectiveness of group memberships Microsoft Entra ID group inheritance based on categories Overview of all assignments

Managing Microsoft Entra ID administrator roles assignments

Assigning Microsoft Entra ID administrator roles to Microsoft Entra ID user accounts

Prerequisites for indirect assignment of Microsoft Entra ID administration roles to Microsoft Entra ID user accounts Assigning Microsoft Entra ID administrator roles to departments, cost centers, and locations Assigning Microsoft Entra ID administrator roles to business roles Adding Microsoft Entra ID administrator roles to system roles Adding Microsoft Entra ID administrator roles in the IT Shop Adding Microsoft Entra ID administrator roles to the IT Shop Assigning Microsoft Entra ID user accounts directly to Microsoft Entra ID administrator roles Assigning Microsoft Entra ID administrator roles directly to Microsoft Entra ID user accounts

Microsoft Entra ID administrator role inheritance based on categories

Managing Microsoft Entra ID subscription and Microsoft Entra ID service plan assignments

Displaying enabled and disabled Microsoft Entra ID service plans forMicrosoft Entra ID user accounts and Microsoft Entra ID groups Assigning Microsoft Entra ID subscriptions to Microsoft Entra ID user accounts

Prerequisites for indirect assignment of Microsoft Entra ID subscriptions to Microsoft Entra ID user accounts Assigning Microsoft Entra ID subscriptions to departments, cost centers, and locations Assigning Microsoft Entra ID subscriptions to business roles Adding Microsoft Entra ID subscriptions to system roles Adding Microsoft Entra ID subscriptions to the IT Shop Adding Microsoft Entra ID subscriptions automatically to the IT Shop Assigning Microsoft Entra ID user account directly to Microsoft Entra ID subscriptions Assigning Microsoft Entra ID subscriptions directly to Microsoft Entra ID user accounts

Assigning disabled Microsoft Entra ID service plans to Microsoft Entra ID user accounts

Prerequisites for indirect assignment of disabled Microsoft Entra ID service plans to Microsoft Entra ID user accounts Assigning disabled Microsoft Entra ID service plans directly to departments, cost centers, and locations Assigning disabled Microsoft Entra ID service plans to business roles Adding disabled Microsoft Entra ID service plans to system roles Adding disabled Microsoft Entra ID service plans to the IT Shop Adding disabled Microsoft Entra ID service plans automatically to the IT Shop Assigning Microsoft Entra ID user accounts directly to disabled Microsoft Entra ID service plans Assigning disabled Microsoft Entra ID service plans directly to Microsoft Entra ID user accounts

Inheriting Microsoft Entra ID subscriptions based on categories Inheritance of disabled Microsoft Entra ID service plans based on categories

Login credentials for Microsoft Entra ID user accounts

Password policies for Microsoft Entra ID user accounts

Predefined password policies Using password policies Creating password policies Editing password policies General main data of password policies Policy settings Character classes for passwords Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Password exclusion list Checking passwords Testing password generation

Initial password for new Microsoft Entra ID user accounts Email notifications about login data

Microsoft Entra ID role management

Microsoft Entra ID role management tenants Enabling new Microsoft Entra ID role management features Microsoft Entra ID role main data Main data of Microsoft Entra ID role settings Displaying Microsoft Entra ID role settings main data Assigning temporary access passes to Microsoft Entra ID user accounts Displaying Microsoft Entra ID scoped role assignments Displaying scoped role eligibilities for Microsoft Entra ID roles Overview of Microsoft Entra ID scoped role assignments Main data of Microsoft Entra ID scoped role assignments Managing Microsoft Entra ID scoped role assignments Adding Microsoft Entra ID scoped role assignments Editing Microsoft Entra ID scoped role assignments Deleting Microsoft Entra ID scoped role assignments Assigning Microsoft Entra ID scoped role assignments Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID user accounts Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID groups Assigning Microsoft Entra ID scoped role assignments to Microsoft Entra ID service principals Assigning Microsoft Entra ID system roles to scopes through role assignments Assigning Microsoft Entra ID business roles to scopes though role assignments Assigning Microsoft Entra ID organizations to scopes through role assignments Overview of Microsoft Entra ID scoped role eligibilities Main data of Microsoft Entra ID scoped role eligibilities Managing Microsoft Entra ID scoped role eligibilities Adding Microsoft Entra ID scoped role eligibilities Editing Microsoft Entra ID scoped role eligibilities Deleting Microsoft Entra ID scoped role eligibilities Assigning Microsoft Entra ID scoped role eligibilities Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID user accounts Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID groups Assigning Microsoft Entra ID scoped role eligibilities to Microsoft Entra ID service principals Assigning Microsoft Entra ID system roles to scopes through role eligibilities Assigning Microsoft Entra ID business roles to scopes though role eligibilities Assigning Microsoft Entra ID organizations to scopes through role eligibilities

Mapping Microsoft Entra ID objects in One Identity Manager

Microsoft Entra ID core directories

Microsoft Entra ID tenant General main data of Microsoft Entra ID tenants Information about local Active Directory Defining categories for the inheritance of entitlements Editing the synchronization project for a Microsoft Entra ID tenant Microsoft Entra ID domains Microsoft Entra ID policies for activity-based timeouts Microsoft Entra ID policies for home realm discovery Microsoft Entra ID policies for issuing tokens Microsoft Entra ID policies for token lifetime

Microsoft Entra ID user accounts

Creating and editing Microsoft Entra ID user accounts General main data of Microsoft Entra ID user accounts Contact data for Microsoft Entra ID user accounts Information about the user profile for Microsoft Entra ID user accounts Organizational data for Microsoft Entra ID user accounts Information about the local Active Directory user account Audit data for Microsoft Entra ID user accounts Assigning extended properties to Microsoft Entra ID user accounts Disabling Microsoft Entra ID user accounts Deleting and restoring Microsoft Entra ID user accounts Displaying the Microsoft Entra ID user account overview Displaying Active Directory user accounts for Microsoft Entra ID user accounts

Microsoft Entra ID user identities

Deploying user identities for Microsoft Entra ID user accounts Displaying user identities for Microsoft Entra ID user accounts Displaying Microsoft Entra ID user identities' main data Displaying the Microsoft Entra ID user identity overview

Microsoft Entra ID groups

Editing main data of Microsoft Entra ID groups General main data for Microsoft Entra ID groups Information about local Active Directory groups Adding Microsoft Entra ID groups to Microsoft Entra ID groups Assigning Microsoft Entra ID administrator roles to Microsoft Entra ID groups Assigning owners to Microsoft Entra ID groups Assigning extended properties to Microsoft Entra ID groups Deleting Microsoft Entra ID groups Displaying the Microsoft Entra ID group overview Displaying Active Directory groups for Microsoft Entra ID groups

Microsoft Entra ID administrator roles

Editing main data of Microsoft Entra ID administrator roles Assigning Microsoft Entra ID groups to Microsoft Entra ID administrator roles Assigning extended properties to Microsoft Entra ID administrator roles Displaying the Microsoft Entra ID administration role overview

Microsoft Entra ID administrative units

Editing main data of administrative units Assigning user accounts to administrative units Assigning groups to administrative units

Microsoft Entra ID subscriptions and Microsoft Entra ID service principals

Editing Microsoft Entra ID subscription main data Assigning additional properties to Microsoft Entra ID subscriptions Displaying the Microsoft Entra ID subscriptions and service plan overview

Disabled Microsoft Entra ID service plans

Editing main data of disabled Microsoft Entra ID service plans Assigning extended properties to disabled Microsoft Entra ID service plans Displaying the disabled Microsoft Entra ID service plan overview

Microsoft Entra ID app registrations and Microsoft Entra ID service principals

Displaying information about Microsoft Entra ID app registrations Assigning owners to Microsoft Entra ID app registrations Displaying Microsoft Entra ID app registration main data Displaying information about Microsoft Entra ID service principals Assigning owners to Microsoft Entra ID service principals Editing authorizations for Microsoft Entra ID service principals Displaying Microsoft Entra ID service principals for enterprise applications Displaying Microsoft Entra ID service principal main data

Reports about Microsoft Entra ID objects Managing Microsoft Entra ID security attributes

Assigning Microsoft Entra ID security attributes to user accounts Assigning Microsoft Entra ID security attributes to service principals

Handling of Microsoft Entra ID objects in the Web Portal Recommendations for federations Basic data for managing a Microsoft Entra ID environment

Target system managers for Microsoft Entra ID Job server for Microsoft Entra ID-specific process handling

General main data of Job servers Specifying server functions

Troubleshooting

Possible errors when synchronizing an Microsoft Entra ID tenant

Configuration parameters for managing a Microsoft Entra ID environment Default project template for Microsoft Entra ID

Project template for Microsoft Entra ID tenants Project template for Microsoft Entra ID B2C tenants

Editing Microsoft Entra ID system objects Microsoft Entra ID connector settings

Information about local Active Directory groups

The Federation tab shows information about the local Active Directory user account that is linked to the Microsoft Entra ID user account.

Assignments to Microsoft Entra ID groups that are synchronized with the local Active Directory are not allowed in One Identity Manager. These groups cannot be requested through the web portal. You can only manage these groups in your locally. For more information, see the Microsoft Entra ID documentation from Microsoft.

Table 40: Local Active Directory group data
Property	Description
Synchronization with local Active Directory enabled	Specifies whether synchronization with a local Active Directory is enabled.
Last synchronization	Time of the last Microsoft Entra ID group synchronization with the local Active Directory.
SID of local group	Security ID of the local Active Directory group.

Related topics

Displaying Active Directory groups for Microsoft Entra ID groups

Adding Microsoft Entra ID groups to Microsoft Entra ID groups

Use this task to add a group to another group. This means that the groups can be hierarchically structured.

To assign groups directly to a group as members

In the Manager, select the Microsoft Entra ID > Groups category.
Select the group in the result list.
Select the Assign groups category.
Select the Has members tab.
Assign child groups in Add assignments.
TIP: In the Remove assignments pane, you can remove the assignment of groups.

To remove an assignment
- Select the group and double-click .
Save the changes.

To add a group as a member of other groups

In the Manager, select the Microsoft Entra ID > Groups category.
Select the group in the result list.
Select the Assign groups task.
Select the Is member of tab.
In the Add assignments pane, assign parent groups.
TIP: In the Remove assignments pane, you can remove the assignment of groups.

To remove an assignment
- Select the group and double-click .
Save the changes.

Assigning Microsoft Entra ID administrator roles to Microsoft Entra ID groups

This task only available for groups with the Assignable to administrator roles option enabled.

To assign administrator roles to a group

In the Manager, select the Microsoft Entra ID > Groups category.
Select the group in the result list.
Select the Assign administrator roles task.
In the Add assignments pane, assign administrator roles.
TIP: In the Remove assignments pane, you can remove assigned administrator roles.

To remove an assignment
- Select the administrator role and double-click .
Save the changes.

Related topics

Assigning owners to Microsoft Entra ID groups

A group owner can edit group properties.

To assign owners to a group

In the Manager, select the Microsoft Entra ID > Groups category.
Select the group in the result list.
Select the Assign owner task.
Select the table containing the owner from the Table drop-down at the top of the form. You have the following options:
- Microsoft Entra ID user accounts
In the Add assignments pane, assign owners.
TIP: In the Remove assignments pane, you can remove assigned owners.

To remove an assignment
- Select the owner and double-click .
Save the changes.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级

© 2025 One Identity LLC. ALL RIGHTS RESERVED. 使用条款隐私 Cookie Preference Center