
Identity Manager 9.2 - Cloud Access Governance Administration Guide

Managing Azure Cloud System

The One Identity Manager CIM module for Azure Cloud System provides the ability to connect to an Azure tenant, synchronize Azure objects into One Identity Manager, and provision role assignments for security principals. Identity and Access Governance processes such as attestation, the IT Shop, or report subscriptions can be applied to the Azure tenant. The integration ensures strong governance.

Architecture overview

To access Azure tenant data, the SCIM connector is installed on a synchronization server. The synchronization server ensures that data is compared between the One Identity Manager database and the Azure tenant. The SCIM connector uses the Starling Connect Azure Infrastructure Connector to synchronize Azure objects into One Identity Manager; the Starling Connect connector in turn accesses the Azure objects through the Microsoft Azure REST API.

One Identity Manager users for managing Azure Cloud System

The following users are involved in Azure tenant administration.

Table 1: Users used in Azure tenant system administration

Users: Target system administrators

Task: Target system administrators must be assigned to the Target systems | Administrators application role.

Users with this application role

  • Administer application roles for individual target system types
  • Specify the target system manager
  • Set up other application roles for target system managers if required
  • Specify which application roles are conflicting for target system managers
  • Authorize other identities to be target system administrators
  • Do not assume any administrative tasks within the target system

Users: Target system managers

Task: Target system managers must be assigned to the Target systems | Azure Cloud Access Governance application role or a sub-application role.

Users with this application role

  • Assume administrative tasks for the target system
  • View target system objects
  • Configure synchronization in the Synchronization Editor and define the mapping for comparing target systems and One Identity Manager
  • Edit the synchronization's target system types and outstanding objects
  • Authorize other identities within their area of responsibility as target system managers and create child application roles if required

Users: One Identity Manager administrators

Task: Users with this role

  • Create customized permissions groups for application roles for role-based login to administration tools in Designer as required
  • Create system users and permissions groups for non-role-based login to administration tools in Designer as required
  • Enable or disable additional configuration parameters in Designer as required
  • Create custom processes in Designer as required
  • Create and configure schedules as required

Users: Administrators for the IT Shop

Task: Administrators must be assigned to the Request & Fulfillment | IT Shop | Administrators application role.

Users with this application role

  • Assign to IT Shop structures

Users: Product owners for the IT Shop

Task: Product owners must be assigned to the Request & Fulfillment | IT Shop | Product owner application role or a child application role.

Users with this application role

  • Approve through requests
  • Edit service items and service categories under their management

Users: Administrators for Organizations

Task: Administrators must be assigned to the Identity Management | Organizations | Administrators application role.

Users with this application role

  • Assign to departments, cost centers, and locations

Users: Business roles administrators

Task: Administrators must be assigned to the Identity Management | Business roles | Administrators application role.

Users with this application role

  • Assign to business roles

Setting up synchronization with Azure Cloud System

The following steps must be performed before setting up the Azure cloud system:
