OT2 Admin Center · 2021. 6. 23. · If you are using Azure Active Directory, you can synchronize...
OT2 Admin Center Tenant Administrator Guide
Contents
1 OpenText™ OT2 Tenant Admin
2 Getting started
2.1 Managing your tenants and subscriptions
2.2 Understanding the tenant and subscription administrator roles
2.3 Assigning users to subscriptions
2.3.1 Assigning subscriptions through auto-provisioning
2.3.2 Assigning subscriptions through user and group synchronization
2.3.3 Inviting users to subscriptions
2.4 Browsing to the tenant and subscription levels
2.5 Preparing to set up your tenant and manage subscriptions
2.5.1 Understanding authentication schemes
2.5.2 Preparing to connect apps to on-premises applications and services
2.5.3 Choosing a tenant and subscription administrators for your tenant
2.6 Sample workflow: setting up your tenant and managing subscriptions
2.6.1 To set up your tenant and manage subscriptions for the first time:
2.7 Opening subscriptions and apps from the My Apps page
2.7.1 To open subscriptions and apps from the My Apps page:
3 Configuring authentication settings
3.1 Configuring an authentication scheme for your tenant
3.1.1 To configure an authentication scheme for your tenant:
3.2 Creating and managing partitions
3.2.1 Creating and configuring a partition
3.2.2 Viewing partition details
3.2.3 Viewing partition users and groups
3.2.4 Removing a subscription from a partition you created
3.2.5 Deleting an authentication scheme from a partition you created
3.2.6 Deleting a partition you created
3.2.7 Managing the Native partition
3.3 Setting up SSO with an identity provider
3.3.1 Setting up auto-provisioning
3.3.2 Synchronizing Azure Active Directory users and groups with Admin Center
3.4 Setting up the Tunnel Agent
3.5 Generating client credentials
3.5.1 Generating client credentials for the Tunnel Agent
3.5.2 Generating client credentials for Azure Active Directory
3.5.3 Changing the expiry periods or partition for access tokens
3.5.4 Regenerating a client secret value
4 Configuring connection settings
4.1 Configuring repository connection settings
4.1.1 To configure connection settings for a repository other than Documentum:
4.1.2 To configure connection settings for a Documentum repository:
5 Managing your tenant
5.1 Managing subscriptions
5.1.1 To open the Subscriptions page:
5.2 Customizing Admin Center emails
5.2.1 Customizing the image displayed in emails
5.2.2 Customizing the reply address and sender name in emails
5.3 Viewing tenant details
6 Managing users and groups
6.1 Adding and removing tenant administrators
6.1.1 Adding a tenant administrator
6.1.2 Resending email invitations
6.1.3 Removing a tenant administrator
6.2 Managing tenant users
6.2.1 Viewing user information
6.2.2 Disabling and enabling user accounts
6.2.3 Unlocking user accounts
6.2.4 Resetting user two-factor authentication settings
6.2.5 Moving users to a different partition
6.3 Understanding the Tenant column on the Tenant admins and Tenant users pages
6.4 Understanding tenant groups
6.4.1 Creating a tenant group manually
6.4.2 Editing the name and description of a manually created tenant group
6.4.3 Deleting a manually created tenant group
OT2 Admin Tenant Administrator Guide
1 OpenText™ OT2 Tenant Admin
OT2 Admin Center provides Tenant Administrators a unified interface to support the intuitive control of applications, subscriptions, users and their access. In OT2 Admin Center, you can configure settings at the tenant and the subscription level. Tenant administrators must be set up before managing subscriptions at a subscription administrator level.
This guide provides an overview of how tenant administrators can use OT2 Admin Center to set up your tenant and manage and configure settings for OT2 application subscriptions. You can add tenant administrators and create one or more tenant groups to manage users. You can also manage subscription settings for apps in your tenant and assign subscriptions to users.
2 Getting started
2.1 Managing your tenants and subscriptions
Your Admin Center tenant contains all of the OT2 app subscriptions that you can assign to users in your organization. Each subscription specifies usage details for an app, for example, the length of time users are permitted to use an app, the maximum number of users who can subscribe to that app, and other subscription details configured by your OpenText Account Executive.
In Admin Center, you can configure settings at two levels: the tenant level and the subscription level. At the tenant level, you can configure authentication settings, repository connection settings, and other settings that are common to multiple apps on your tenant. At the subscription level, you can invite users to subscribe to apps, connect apps to external repositories and services, and configure other subscription-specific settings.
You must set up your tenant before you manage subscriptions.
2.2 Understanding the tenant and subscription administrator roles
In Admin Center, two types of administrator roles are available: tenant administrators and subscription administrators.
Tenant administrators can perform the following tasks in Admin Center:
• Manage all of the subscriptions on a tenant.
• Configure settings that are common to all subscriptions on a tenant, for example, connection settings.
Need more help? Visit the OT2 Admin Center forum
Subscription administrators can manage only the subscriptions that a tenant administrator or another subscription administrator has made available to them in Admin Center.
A tenant administrator must set up an Admin Center tenant before subscription administrators can manage subscriptions.
Tenant administrators can add any number of tenant and subscription administrators to a tenant. Subscription administrators can also add any number of subscription administrators to subscriptions.
2.3 Assigning users to subscriptions
You can assign subscriptions to users in the following ways:
• By setting up auto-provisioning.
• By synchronizing user and group information between Microsoft Azure Active Directory and Admin Center.
• By inviting users to subscriptions.
2.3.1 Assigning subscriptions through auto-provisioning
You can set up auto-provisioning if you are using an external user source, such as Microsoft Azure Active Directory, to authenticate users on your Admin Center tenant. If you set up auto-provisioning, users are added to your tenant and assigned to subscriptions after they sign in to the OT2 platform using their credentials from the user source.
For more information, see Setting up SSO with an identity provider.
2.3.2 Assigning subscriptions through user and group synchronization
If you are using Azure Active Directory, you can synchronize user and group information between Azure Active Directory and your Admin Center tenant. In this case, Azure Active Directory automatically runs a process at regular intervals to transfer user and group information from your identity provider to your Admin Center tenant. Users and groups from the identity provider are then added to your tenant and assigned to subscriptions automatically during the synchronization process.
For more information, see Setting up SSO with an identity provider.
2.3.3 Inviting users to subscriptions
If you choose not to set up auto-provisioning or user and group synchronization, a subscription administrator must invite users to subscriptions in Admin Center.
In this case, Admin Center automatically sends an email invitation to each user who has been invited to a subscription. Users can then click a link in that email to create account credentials on the OT2 platform, join the subscription, and access the app until the subscription expires.
2.4 Browsing to the tenant and subscription levels
By default, after you sign in to Admin Center as a tenant administrator, the Tenant details page is opened and the links on the navigation menu point to pages that let you configure tenant settings.
To browse to the subscription level, click Subscriptions on the navigation menu and then click any of the subscriptions in the subscriptions list. When you click a subscription, the subscription’s Details page is opened and different links appear on the navigation menu. These links point to pages that let you configure settings for the subscription you opened.
To browse to the tenant level again, click the name of your tenant in the breadcrumb trail.
Tip
For more information about the Tenant details and Subscriptions pages, see Viewing tenant details and Managing subscriptions.
2.5 Preparing to set up your tenant and manage subscriptions
Before setting up your tenant and managing subscriptions in Admin Center, you must complete the following tasks:
1. Determine which authentication scheme or schemes to configure on your tenant. For more information, see Understanding authentication schemes.
2. Confirm that your system administrator has installed and configured all of the on-premises applications and services that your apps will use. For more information, see Preparing to connect apps to on-premises applications and services.
3. Choose whether you want to assign tenant and subscription administrator roles to users. For more information, see Choosing tenant and subscription administrators for your tenant.
After completing these tasks, you can set up your tenant and manage subscriptions in Admin Center. For more information, see Sample workflow: setting up your tenant and managing subscriptions.
2.5.1 Understanding authentication schemes
An authentication scheme specifies how users are authenticated when they use OT2 apps. In Admin Center, you must configure the authentication schemes that are required for the apps on your tenant.
The following authentication schemes are available:
Native
Enables you to use OpenText™ Directory Services (OTDS) to authenticate users. This authentication scheme lets you invite users to subscriptions manually in Admin Center.
Hybrid
Enables you to use an on-premises user source, such as Active Directory, to authenticate users. You can use this authentication scheme if you want to use a content repository directory, such as OpenText™ Documentum™ Server, to authenticate users.
This authentication scheme lets you set up auto-provisioning to assign users to subscriptions automatically.
For more information about hybrid authentication, see OpenText OT2 Hybrid Authentication User Guide on OpenText My Support.
SAML
Enables you to use a Security Assertion Markup Language (SAML) identity provider to authenticate users. You can use this authentication scheme if, for example, you want to configure single sign-on (SSO) using a SAML authentication handler.
This authentication scheme lets you set up auto-provisioning to assign users to subscriptions automatically.
For more information about configuring SAML authentication, see the documentation for your identity provider.
SCIM and SAML
Enables you to use an identity provider that supports the System for Cross-domain Identity Management (SCIM) protocol, for example, Azure Active Directory. To authenticate users, you must also configure SAML authentication on your identity provider.
When you use this authentication scheme, users and groups are first synchronized between the identity provider and your Admin Center tenant over the SCIM protocol. The users who are added to the tenant are assigned to subscriptions automatically.
To access apps, users can provide their identity provider credentials to sign in to the OT2 platform. Users are then authenticated with the identity provider through SAML.
Salesforce
Enables you to use Salesforce to authenticate users. If you want to use this authentication scheme, your system administrator must integrate Salesforce with the OT2 Entitlement and Tenant service, create a user partition in OTDS to synchronize Salesforce accounts, and enable SSO in Salesforce.
Note
This authentication scheme is available only if your tenant has an Authentication schemes page.
Each app supports one or more specific authentication schemes. To determine which authentication schemes you need to configure for each app, see the app-specific documentation on OpenText My Support.
In Admin Center, you can configure one or more authentication schemes based on the type of tenant that your OpenText Account Executive has configured for your organization. There are two types of tenants in Admin Center:
• Tenants that have an Authentication schemes page.
• Tenants that have an Auth partitions page.
Tip
The links on the navigation menu indicate which type of tenant you have. If an Authentication schemes link appears on the navigation menu, your tenant has an Authentication schemes page. If an Auth Partitions link appears on the navigation menu, your tenant has an Auth partitions page.
2.5.1.1 Tenants that have an Authentication schemes page
If your tenant has an Authentication schemes page, you can configure only one authentication scheme on your tenant at a time and all of the apps on your tenant must use the same authentication scheme. In this case, the tenant uses the native authentication scheme by default; however, you can change it to the hybrid, SAML, or Salesforce authentication scheme as needed.
2.5.1.2 Tenants that have an Auth partitions page
If your tenant has an Auth partitions page, you can create partitions to configure multiple authentication schemes on your tenant.
For example, if some of the apps on your tenant require the hybrid authentication scheme and other apps require the SAML authentication scheme, you can create one partition for the apps that use the hybrid authentication scheme and another partition for the apps that use the SAML authentication scheme.
By default, all apps are added to a partition that uses the native authentication scheme. If you want to use the hybrid or SAML authentication scheme, you must create additional partitions on your tenant. For more information, see Creating and managing partitions.
2.5.2 Preparing to connect apps to on-premises applications and services
You can integrate most OT2 apps with on-premises applications, for example, content repositories such as OpenText™ Content Server and OpenText Documentum Server, and OT2 services that enable you to retrieve data, run scheduled jobs, and perform other specialized tasks.
Before managing subscriptions in Admin Center, you and your system administrator must confirm that your server environment meets all of the prerequisites for the apps on your tenant. For example, some apps might require on-premises components to be installed.
For more information about the prerequisites for each app, see the app-specific documentation on OpenText My Support.
2.5.3 Choosing a tenant and subscription administrators for your tenant
When you sign in to Admin Center for the first time, you are automatically signed in as a tenant administrator and, by default, you are the only administrator on your tenant.
If you want to allow other users to manage your tenant or subscriptions on your tenant, you can assign tenant and subscription administrator roles to users. For more information, see Adding and removing tenant administrators and “Adding and removing subscription administrators” in OpenText OT2 Admin Center – Subscription Administrator Help.
Before setting up your tenant in Admin Center, you must determine which users you want to add as tenant and subscription administrators.
Tip
For more information about the tenant and subscription administrator roles, see Understanding the tenant and subscription administrator roles.
2.6 Sample workflow: setting up your tenant and managing subscriptions
The following is a sample workflow that you can follow when you sign in to Admin Center for the first time as a tenant administrator. You can adapt the sequence of the workflow steps to suit your needs.
When you set up your tenant for the first time, you must configure settings at both the tenant and subscription levels.
2.6.1 To set up your tenant and manage subscriptions for the first time:
1. Do one of the following:
• If your tenant has an Authentication schemes page, configure an authentication scheme for your tenant. For more information, see Configuring an authentication scheme for your tenant.
• If your tenant has an Auth partitions page, optionally create one or more partitions on your tenant. For more information, see Creating and managing partitions.
2. Configure repository connections for the apps on your tenant. For more information, see Configuring repository connection settings.
3. Customize the emails that Admin Center sends to users. For more information, see Customizing Admin Center emails.
4. [Optional] Create one or more tenant groups to manage users. For more information, see Creating a tenant group manually.
5. [Optional] If you want to allow other users to configure both tenant and subscription-level settings, add tenant administrators to your tenant. For more information, see Adding a tenant administrator.
6. Configure subscription settings for the apps on your tenant and assign subscriptions to users if required. For more information, see “Sample workflow: managing a subscription” in OpenText OT2 Admin Center – Subscription Administrator Help.
2.7 Opening subscriptions and apps from the My Apps page
The My Apps page displays all of the apps that you are permitted to use and all of the subscriptions that you are permitted to manage. You can use this page to view and access all of your subscriptions and apps from a central location.
Tip
If a subscription administrator changes the name of a subscription, you will need to use a new URL to access the corresponding app. For more information, see “Renaming your subscription” in OpenText OT2 Admin Center – Subscription Administrator Help.
In this scenario, you can obtain the new app URL from the My Apps page. The My Apps page always has the latest URLs for app subscriptions.
2.7.1 To open subscriptions and apps from the My Apps page:
1. In Admin Center, click My Apps in the breadcrumb trail.
2. Do one of the following:
• If you want to open and manage a subscription in Admin Center, click Configure on the corresponding tile.
• If you want to open an app, click the app name on the corresponding tile.
3 Configuring authentication settings
You can specify how users are authenticated when they use the apps on your tenant.
3.1 Configuring an authentication scheme for your tenant
If your tenant has an Authentication schemes page, you must configure a common authentication scheme for all of the apps on your tenant.
Note
If your tenant does not have an Authentication schemes page, you can use partitions to configure authentication schemes. For more information, see Creating and managing partitions.
3.1.1 To configure an authentication scheme for your tenant:
1. At the tenant level, click Authentication schemes on the navigation menu.
2. Select the authentication scheme you want to use on your tenant. For more information, see Understanding authentication schemes.
3. If you selected the Hybrid or SAML authentication scheme, do the following:
a. If you want to set up auto-provisioning on your tenant, turn on the Auto Provisioning switch. By default, this switch is turned off.
b. In the Name box, type a name for the connection values.
c. In the Description box, type a description for the connection values.
d. In the IDP URL box, specify the sign-in URL of your identity provider. For more information, contact your system administrator.
e. If you selected Hybrid, turn on the Secure tunnel switch if the apps require the Tunnel Agent. Otherwise, turn off this switch if the apps do not require the Tunnel Agent.
Note
If you turn on this switch, you must complete additional tasks in Admin Center to set up the Tunnel Agent. For more information, see Setting up the Tunnel Agent.
f. Click Save configuration.
4. If you selected the SAML authentication scheme and enabled auto-provisioning, map SAML assertion claims to OTDS attributes as needed in the Customize claim configuration area.
Type a SAML attribute name in each text box that corresponds to an OTDS attribute you want to map. Click Save custom claims to save the mappings.
The mappings are automatically transferred to the Configuration page of your SAML authentication handler in OTDS. These mappings are then used to set and update attributes on auto-provisioned SAML accounts.
Note
If you previously configured claims mappings for the authentication handler in OTDS, the existing mappings will be overwritten with the new mappings you configure in Admin Center.
3.2 Creating and managing partitions
If your tenant has an Auth partitions page, you can create partitions to configure multiple authentication schemes on your tenant.
When you sign in to Admin Center for the first time, a default partition called Native appears on your tenant. By default, all subscriptions are added to this partition and use the native authentication scheme. If you want to continue to use only the native authentication scheme, you do not need to create additional partitions on your tenant.
If, however, you want to use the SAML, hybrid, or SCIM and SAML authentication scheme, you must create a new partition for the authentication scheme you want to use and then add one or more subscriptions to that partition. Those subscriptions will then use the authentication scheme associated with the new partition, in addition to the native authentication scheme.
When you create new partitions in Admin Center, the corresponding partitions are created automatically in OTDS. When users join a subscription, the users are added to the partition associated with the authentication scheme they used to sign in. For more information, see Viewing partition users and groups.
Note
If needed, you can add a subscription to multiple partitions to allow users from different user sources to join the same subscription. For more information, see Adding a subscription to multiple partitions.
If your tenant does not have an Auth partitions page, you must configure a common authentication scheme for all of the apps on your tenant. For more information, see Configuring an authentication scheme for your tenant.
3.2.1 Creating and configuring a partition
3.2.1.1 To create a partition:
1. At the tenant level, click Auth Partitions on the navigation menu.
2. Click the Add button.
3. In the Partition name box, specify a name for the partition.
4. [Optional] In the Description box, specify a description for the partition.
5. [Optional] In the Domain box, specify one or more domains from which users will be permitted to sign in, for example, domain.com. If you specify multiple domains, separate each value with a comma (,).
6. If you specify one or more domains, users will be permitted to sign in to apps on the partition only if their email address domain matches a domain you have specified. If you leave this box empty, users will be permitted to use an email address from any domain to sign in.
7. Turn on the Allow Salesforce SSO switch if you plan to use the SAML, hybrid, or SCIM and SAML authentication scheme to authenticate Salesforce users.
Note
If you turn on this switch, your system administrator must integrate Salesforce with the OT2 Entitlement and Tenant service, create a user partition in OTDS to synchronize Salesforce accounts, and enable SSO in Salesforce. For more information, see OpenText Directory Services – Installation and Administration Guide (OTDS-IWC) and the Salesforce documentation.
8. Select a color for the partition tile that will be displayed in Admin Center.
9. Click Save.
3.2.1.2 To configure an authentication scheme for the partition:
1. On the Auth partitions page, click the tile that corresponds to the partition you created.
2. On the Authentication scheme tab, select the authentication scheme you want to associate with the partition. For more information, see Understanding authentication schemes.
3. In the Name box, specify a name for the authentication scheme configuration.
4. In the Description box, specify a description for the authentication scheme configuration.
5. In the Provider Name box, specify a name to display for your identity provider on the Admin Center sign-in page.
Users can select which identity provider to use when they sign in to Admin Center. Specify a name that will help users to identify your identity provider on the sign-in page.
6. In the Provider URL box, specify the sign-in URL for your identity provider.
7. If needed, configure one of the following options based on the authentication scheme you selected:
Secure tunnel
If you selected the hybrid authentication scheme, turn on this switch if the apps on the partition require the Tunnel Agent. Otherwise, turn off this switch if the apps do not require the Tunnel Agent.
Note
If you turn on this switch, you must complete additional tasks in Admin Center to set up the Tunnel Agent. For more information, see Setting up the Tunnel Agent.
Sign SAML
If you selected the SAML or SCIM and SAML authentication scheme, turn on this switch to allow OTDS to sign SAML authentication requests that are sent to your identity provider.
You must turn on this option if, for example, you are setting up SAML authentication with an identity provider that accepts single logout requests only if authentication requests are signed.
8. If you selected the hybrid or SAML authentication scheme, turn on the Auto Provisioning switch to enable auto-provisioning on the partition.
Note
To set up auto-provisioning, you must complete additional tasks in both Admin Center and your server environment. For more information, see Setting up SSO with an identity provider.
9. Click Save scheme.
10. If you selected the SAML authentication scheme and enabled auto-provisioning, map SAML assertion claims to OTDS attributes as needed in the Customize claim configuration area.
Type a SAML attribute name in each text box that corresponds to an OTDS attribute you want to map. Click Save custom claims to save the mappings.
The mappings are automatically transferred to the Configuration page of your SAML authentication handler in OTDS. These mappings are then used to set and update attributes on auto-provisioned SAML accounts.
Note
If you previously configured claims mappings for the authentication handler in OTDS, the existing mappings will be overwritten with the new mappings you configure in Admin Center.
3.2.1.3 To add subscriptions to the partition:
1. On the Auth partitions page, click the tile that corresponds to the partition you created.
2. On the Subscriptions tab, in the Associated subscriptions area, click the Add button.
3. In the Associate subscriptions list, select a subscription.
4. Click Associate.
5. Repeat the previous steps to add other subscriptions to the partition as needed.
Tip
If needed, you can add a subscription to multiple partitions to allow users from different user sources to join the same subscription. For more information, see Adding a subscription to multiple partitions.
3.2.1.4 Adding a subscription to multiple partitions
You can add a subscription to multiple partitions if, for example, you want to allow users from different user sources to join the same subscription through auto-provisioning.
3.2.1.5 Example 2.1: Adding a subscription to multiple partitions
You want to allow users from both an Active Directory system and an Okta system to join the same subscription through auto-provisioning. To do so, you can create the following partitions:
• Partition 1, which uses the hybrid authentication scheme to authenticate users from the Active Directory system.
• Partition 2, which uses the SAML authentication scheme to authenticate users from the Okta system.
If you then add the subscription to both Partition 1 and Partition 2, users from both the Active Directory and Okta systems will be added to the subscription automatically when they sign in to the OT2 platform. In Admin Center, users will be added to the partition associated with the authentication scheme they use to sign in.
3.2.2 Viewing partition details
After clicking a partition tile on the Auth partitions page, you can click the Partition details tab to view information about the corresponding partition, for example, the partition name, tile color, and whether the Allow Salesforce SSO option is selected on the partition.
On partitions that you have created, the following information also appears on the tab:
• SAML metadata URL: A URL that specifies the location of the SAML metadata file.
• SAML SSO URL: A URL that specifies the SSO sign-in page of your SAML identity provider.
• SAML login URL: A URL that specifies the sign-in page of your SAML identity provider.
• SCIM Sync URL: A URL that specifies the base SCIM endpoint for OTDS.
You can use these URLs to configure SSO with your identity provider. For more information, see Setting up SSO with an identity provider.
3.2.3 Viewing partition users and groups
After clicking a partition tile on the Auth partitions page, you can click the Users tab and, if applicable, the Groups tab to view all of the users and groups that belong to the corresponding partition.
On the Native partition, the Users tab lists all of the users who have been invited to a subscription and all of the users who have joined a subscription through an email invitation.
On partitions you have created, the Users and Groups tabs list all of the users and groups that have been added to the corresponding partition through auto-provisioning or user and group synchronization. For example, if a user signs in to an app on a partition that has auto-provisioning enabled, that user is automatically assigned to the subscription and added to the partition, and the user’s name appears on the partition’s Users tab.
The users on each Users tab also appear on the following pages in Admin Center:
• The Tenant users page. For more information, see Managing tenant users.
• The Users page at the subscription level. For more information, see “Managing subscription users” in OpenText OT2 Admin Center – Subscription Administrator Help.
Users who are added to a partition through auto-provisioning or user and group synchronization are also added to the partition’s tenant group on the Tenant groups page. For more information, see Understanding tenant groups.
Tip
If you want users to use a different authentication scheme or identity provider, you can move users to a different partition on the Tenant users page. For more information, see Moving users to a different partition.
3.2.3.1 To view partition users and groups:
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click a tile.
3. Click the Users tab to view all of the users who have been added to the corresponding partition.
4. If you clicked a tile for a partition you created, click the Groups tab to view all of the groups that have been added to the partition. If you want to view the members of a group, click a group name in the list.
3.2.4 Removing a subscription from a partition you created
You can remove a subscription from a partition you created if, for example, you no longer want users to join that subscription automatically through auto-provisioning or user and group synchronization.
After you remove a subscription, all of the users who previously joined that subscription through auto-provisioning or user and group synchronization will remain on the partition and can continue using the corresponding app with their existing credentials. If you no longer want those users to access the app, you must remove the users from the subscription at the subscription level. For more information, see “Removing a user from a subscription” in OpenText OT2 Admin Center – Subscription Administrator Help.
Note
You cannot remove subscriptions from the Native partition.
3.2.4.1 To remove a subscription from a partition you created:
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click a partition tile and then click the Subscriptions tab.
3. In the Associated subscriptions list, click the Remove button in the row that corresponds to the subscription you want to remove.
4. When prompted to remove the subscription, click Yes, continue.
3.2.5 Deleting an authentication scheme from a partition you created
You can delete the authentication scheme that you configured for a partition you created if you want to configure a new authentication scheme for that partition.
Note
You cannot remove the authentication scheme from the Native partition.
3.2.5.1 To delete an authentication scheme from a partition you created:
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click a partition tile and then click the Authentication scheme tab.
3. Click Delete scheme.
4. When prompted to delete the authentication scheme, click Yes, continue.
3.2.6 Deleting a partition you created
You can delete a partition you created if it does not contain subscriptions or users.
Note
You cannot delete the Native partition.
3.2.6.1 To delete a partition you created:
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click a partition tile and then click the Partition details tab.
3. In the Details area, click Remove.
3.2.7 Managing the Native partition
3.2.7.1 Configuring a password policy
Users who are invited to subscriptions must create account credentials on the OT2 platform. For more information, see Inviting users to subscriptions. These users are automatically added to the Native partition when they sign in to your tenant.
In Admin Center, you can optionally configure a password policy to specify rules for creating and using passwords on the OT2 platform. For example, you can specify whether the passwords that users create must contain a minimum number of characters and symbols, and you can specify how often users are permitted to change their passwords.
By default, the Native partition uses the global password policy that is configured in OTDS. You can choose to keep the default global password policy or edit the policy values in Admin Center to specify a different set of rules for creating and using passwords. The password policy values you configure in Admin Center override the corresponding global password policy values in OTDS.
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click the Native tile, and then click the Login settings tab.
3. Click Edit.
4. Do one of the following:
• If you want to use the global password policy that is configured in OTDS, confirm that the Use Global Policy checkbox is selected. By default, this checkbox is selected.
• If you want to specify a different set of password policy rules, clear the Use Global Policy checkbox and configure the rules you want to use.
Each box corresponds to a different rule. In each box, you can type a new numeric value or use the arrow buttons to select a new value. If you want to disable a rule, specify a value of 0 in the corresponding box.
For more information about each rule, see Password policy rules.
5. Click Save.
3.2.7.2 Password policy rules
On the Auth partitions page, you can configure the following password policy rules on the Login settings tab:
Minimum characters
The minimum number of characters that users must include in a password.
Minimum numeric characters
The minimum number of numeric characters that users must include in a password.
Minimum special characters
The minimum number of special characters that users must include in a password. Examples of special characters include the exclamation mark (!), at symbol (@), and hashtag (#).
Minimum uppercase
The minimum number of uppercase characters that users must include in a password.
Minimum lowercase
The minimum number of lowercase characters that users must include in a password.
Minimum number character changes from previous
The minimum number of characters that must be different in a new password if users reuse sequential characters from an old password in the new password.
Do not allow reuse of last (x) passwords
The number of passwords that must be unique before users can reuse an old password.
Maximum continuous characters from username
The maximum number of sequential characters that users can repeat from their username when creating or changing a password.
Allow password change after (x) days
The minimum number of days that must take place before users can change a password.
Password expires in (x) days
The number of days that must take place before a password expires and must be changed.
Attempts before lockout
The maximum number of invalid password attempts that users can make before they are locked out of their accounts.
Lockout duration in minute
The length of time, in minutes, for which users are locked out of their accounts if they exceed the maximum number of invalid password attempts. Locked accounts are unlocked automatically when the Lockout duration in minutes period expires.
Tip
If a user needs to access a locked account before the Lockout duration in minutes period expires, you can unlock the account manually on the Tenant users page. For more information, see Unlocking user accounts.
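The static rules above can be tried against sample passwords before a policy is saved. This added example is not OTDS or Admin Center code; treating every non-alphanumeric character as special and comparing against the username case-insensitively are assumptions, and the history, timing and lockout rules are left out because they depend on stored state.

```python
from dataclasses import dataclass


@dataclass
class PasswordPolicy:
    """Static rules from the Login settings tab. A value of 0 disables a rule."""
    min_characters: int = 0
    min_numeric: int = 0
    min_special: int = 0
    min_uppercase: int = 0
    min_lowercase: int = 0
    max_continuous_from_username: int = 0


def longest_shared_run(username, password):
    """Length of the longest run of consecutive characters present in both
    strings (longest common substring). Case-insensitive by assumption."""
    u, p = username.lower(), password.lower()
    best = 0
    prev = [0] * (len(p) + 1)
    for uc in u:
        cur = [0] * (len(p) + 1)
        for j, pc in enumerate(p, start=1):
            if uc == pc:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def violations(policy, username, password):
    """Return the names of the rules that the candidate password breaks."""
    counts = {
        "Minimum characters": (len(password), policy.min_characters),
        "Minimum numeric characters":
            (sum(c.isdigit() for c in password), policy.min_numeric),
        # Assumption: "special" means anything that is not a letter or digit.
        "Minimum special characters":
            (sum(not c.isalnum() for c in password), policy.min_special),
        "Minimum uppercase":
            (sum(c.isupper() for c in password), policy.min_uppercase),
        "Minimum lowercase":
            (sum(c.islower() for c in password), policy.min_lowercase),
    }
    # "need" of 0 means the rule is disabled, so it can never fail.
    failed = [rule for rule, (have, need) in counts.items() if need and have < need]
    limit = policy.max_continuous_from_username
    if limit and longest_shared_run(username, password) > limit:
        failed.append("Maximum continuous characters from username")
    return failed


if __name__ == "__main__":
    # Constructed policy values and sample passwords.
    policy = PasswordPolicy(12, 1, 1, 1, 1, 3)
    for candidate in ("Jsmith2021!!", "Corr3ct-Horse-Staple", "short1!A"):
        print(candidate, "->", violations(policy, "jsmith", candidate) or "ok")
```

The first sample meets every count rule and is still rejected, because it contains the whole username.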
3.2.7.3 Configuring two-factor authentication
If needed, you can enable two-factor authentication on the Native partition to protect your tenant from unauthorized access.
By default, two-factor authentication is disabled and users who are added to the Native partition are prompted to provide only their OT2 account credentials when they sign in to your tenant.
If you enable two-factor authentication, users who are added to the Native partition are prompted to provide both their OT2 account credentials and an authentication code when they sign in to your tenant for the first time. Users must use an authenticator app, such as Microsoft Authenticator or Google Authenticator, on a mobile device to generate an authentication code using either the QR code or secret key that appears on the Admin Center sign-in page. Users must then enter the generated authentication code on the sign-in page to access your tenant.
When you enable two-factor authentication, you can specify whether users must enter an authentication code each time they sign in to your tenant or whether users can skip the two-factor authentication process if they have already entered an authentication code for a device.
1. At the tenant level, click Auth Partitions on the navigation menu.
2. On the Auth partitions page, click the Native tile, and then click the Login settings tab.
3. Click Edit.
4. In the Two factor auth settings area, select Enable 2FA to enable two-factor authentication on the partition.
5. [Optional] Clear the Allow skip of known devices checkbox if you want to hide the Don’t ask me for a code again when I log in from this device checkbox from the Admin Center sign-in page when two-factor authentication is enabled. In this case, users will need to enter an authentication code each time they sign in to your tenant.
By default, the Allow skip of known devices checkbox is selected and the Don’t ask me for a code again when I log in from this device checkbox appears on the Admin Center sign-in page when two-factor authentication is enabled. In this case, users who select Don’t ask me for a code again when I log in from this device will not need to enter an authentication code to sign in if they have already completed the two-factor authentication process on a device.
6. Click Save.
3.3 Setting up SSO with an identity provider
Admin Center supports SAML-based SSO with identity providers such as Okta and Azure Active Directory.
If you want to set up SAML-based SSO with Admin Center, you can do either of the following:
• Set up auto-provisioning with an identity provider that supports SAML.
• Set up user and group synchronization between Azure Active Directory and Admin Center.
3.3.1 Setting up auto-provisioning
You can set up auto-provisioning if you want to configure SSO with an identity provider that supports SAML authentication, for example, Okta or Azure Active Directory.
After you set up auto-provisioning, users from the identity provider are automatically added to your Admin Center tenant and assigned to subscriptions when they sign in to the OT2 platform using their credentials from the identity provider.
3.3.2 Synchronizing Azure Active Directory users and groups with Admin Center
If you are using Azure Active Directory, you can set up a process to synchronize user and group information automatically between Azure Active Directory and your Admin Center tenant.
After you set up user and group synchronization, users and groups from the identity provider are automatically added to a partition on your Admin Center tenant during the synchronization process. As a result, these users and groups are automatically assigned to all of the subscriptions on that partition.
If you add users to or remove users from the Azure Active Directory system, the corresponding users are automatically added to or removed from your Admin Center tenant the next time Azure Active Directory runs the synchronization process.
When you set up user and group synchronization, you must also set up SAML authentication to enable users to sign in to Admin Center using their Azure Active Directory credentials.
Note
During the synchronization process, Azure Active Directory communicates with OTDS and Admin Center over the SCIM protocol.
3.3.2.1 SSO scenarios
To set up SSO with an identity provider, you need to complete some tasks in your server environment and some tasks in Admin Center.
3.3.2.1.1 Scenario 1: Setting up SAML-based SSO with an Okta system
The following procedure describes how to set up SAML-based SSO with Okta through auto-provisioning.
Note
For more information about Okta, see the Okta Help Center.
1. In Admin Center, do the following:
• If your tenant has an Auth partitions page, create a new partition without configuring an authentication scheme for it. On that partition, add subscriptions for the apps you want to allow users to access. For more information, see Creating and configuring a partition.
• Copy the SAML SSO URL and SAML Metadata URL values from the Auth partitions or Tenant details page to a location where you can access them easily later.
If your tenant has an Auth partitions page, these URLs appear on the new partition’s Partition details tab. For more information, see Viewing partition details.
If your tenant has an Authentication schemes page, these URLs appear on the Tenant details page. For more information, see Viewing tenant details.
2. In Okta Admin Console, create a new SSO application. For more information, see “Create your integration” in the Okta Developer Platform help.
When creating the new application, you must do the following on the Configure SAML tab:
a. In the Single Sign on URL box, specify the SAML SSO URL value you copied from Admin Center.
b. Select the Use this for Recipient and Destination URL checkbox.
c. In the Audience URI (SP Entity ID) box, specify the SAML Metadata URL value you copied from Admin Center.
d. In the Name ID format list, select Email Address.
e. [Optional] On the advanced settings page, set the Response and Assertion Signature values to Signed if you want SAML responses and assertions to be signed.
3. When you are finished creating the application, click the Identity provider metadata link to copy the identity provider URL. Paste the URL to a location where you can access it easily later.
4. In Admin Center, do one of the following:
a. If your tenant has an Auth partitions page, go to the Authentication scheme tab that belongs to the partition you created in step 1, and configure the SAML authentication scheme on that partition. For more information, see Creating and configuring a partition.
b. If your tenant has an Authentication schemes page, configure the SAML authentication scheme on your tenant. For more information, see Configuring an authentication scheme for your tenant.
When configuring the authentication scheme, you must do the following:
c. Confirm that the Auto Provisioning switch is turned on.
d. In the Provider URL box, provide the identity provider URL you copied from the Okta system.
Users can then sign in to Admin Center using their credentials from the Okta system. After they sign in, users are added to the Admin Center partition or site automatically and can access the corresponding app.
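One way to confirm that the Okta settings from step 2 took effect is to inspect a SAML response captured during a test sign-in. This added example is not part of the OpenText guide or of Okta's tooling; the two URLs are placeholders for the values copied from Admin Center, the sample response is constructed, and no signature is verified, so it is a configuration check only.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# NameID format that Okta emits when "Email Address" is selected (step 2d).
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Placeholders for the SAML SSO URL and SAML Metadata URL copied in step 1.
SAML_SSO_URL = "https://ot2.example.invalid/saml/sso"
SAML_METADATA_URL = "https://ot2.example.invalid/saml/metadata"

# Constructed, unsigned sample response trimmed to the fields that are checked.
SAMPLE_RESPONSE = f"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" Destination="{SAML_SSO_URL}">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID Format="{EMAIL_FORMAT}">user@example.invalid</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SAML_SSO_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>{SAML_METADATA_URL}</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_okta_response(xml_text, sso_url, metadata_url):
    """Compare a captured response with the values entered on Okta's
    Configure SAML tab and return a list of mismatches (empty when aligned).
    Diagnostic only: signatures are not verified here."""
    # Refuse DTDs and entity declarations before the text reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in SAML document")
    root = ET.fromstring(xml_text)
    findings = []

    def expect(label, actual, wanted):
        if actual != wanted:
            findings.append(f"{label}: expected {wanted!r}, got {actual!r}")

    # Steps 2a and 2b: the SSO URL is used as both Destination and Recipient.
    expect("Destination", root.get("Destination"), sso_url)
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    expect("Recipient", scd.get("Recipient") if scd is not None else None, sso_url)

    # Step 2c: the Audience URI must be the SAML Metadata URL.
    audiences = [a.text.strip() for a in root.findall(".//saml:Audience", NS) if a.text]
    if metadata_url not in audiences:
        findings.append(f"Audience: expected {metadata_url!r}, got {audiences!r}")

    # Step 2d: the NameID must be sent in the email address format.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    expect("NameID Format",
           name_id.get("Format") if name_id is not None else None, EMAIL_FORMAT)
    return findings


if __name__ == "__main__":
    print(check_okta_response(SAMPLE_RESPONSE, SAML_SSO_URL, SAML_METADATA_URL) or "aligned")
```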
3.3.2.1.2 Scenario 2: Setting up SAML-based SSO with Azure Active Directory
The following procedure describes how to set up SAML-based SSO with Azure Active Directory through auto-provisioning.
Note
For more information about Azure Active Directory, see the Azure Active Directory documentation.
1. In Admin Center, do the following:
a. If your tenant has an Auth partitions page, create a new partition without configuring an authentication scheme for it. On that partition, add subscriptions for the apps you want to allow users to access. For more information, see Creating and configuring a partition.
b. Copy the SAML Login URL and SAML SSO URL values from Admin Center to a location where you can access them easily later.
If your tenant has an Auth partitions page, these values appear on the new partition’s Partition details tab. For more information, see Viewing partition details.
If your tenant has an Authentication schemes page, these values appear on the Tenant details page. For more information, see Viewing tenant details.
2. Sign in to Azure Active Directory and do the following to add a non-gallery application:
a. Click Enterprise applications.
b. Click New application and select Non-gallery application.
c. Specify a name for the application and click Add.
3. To configure SAML authentication for the application, do the following in Azure Active Directory:
a. Click the application name in the list of enterprise applications.
b. Click Single Sign-on.
c. On the Select a single sign-on method page, select SAML.
d. On the Set up Single Sign-On with SAML page, do the following:
i. In the Basic SAML Configuration area, specify the following values:
• In the Identifier (Entity ID) box, specify the SAML Login URL value you copied from Admin Center.
• In the Reply URL, Sign-on URL, and Logout URL boxes, specify the SAML SSO URL value you copied from Admin Center.
ii. In the User Attributes & Claims area, do the following:
• Change the default mapping of Emailaddress to user.userprincipalname.
• Change the default mapping of name to user.displayname.
• Click Add a group claim. In the Group Claims dialog box, select All Groups, and then click Save.
iii. From the Additional claims area, copy all of the claim name URLs and paste them to a location where you can access them easily later.
iv. In the SAML Signing Certificate area, copy the App federation metadata URL value and paste it to a location where you can access it easily later.
4. In Admin Center, do one of the following to configure an authentication scheme for your partition or site:
a. If your tenant has an Auth partitions page, go to the Authentication scheme tab that belongs to the partition you created in step 1, and configure the SAML authentication scheme. For more information, see Creating and configuring a partition.
b. If your tenant has an Authentication schemes page, configure the SAML authentication scheme on your tenant. For more information, see Configuring an authentication scheme for your tenant.
When configuring the authentication scheme, you must do the following:
c. Confirm that the Auto Provisioning switch is turned on.
d. In the Provider URL box, provide the App federation metadata URL value you copied from the Azure Active Directory system.
e. In the Customize claim configuration area, configure the following mappings:
Admin Center value    Azure Active Directory claim value
Mail                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Name                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Surname               http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Displayname           http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Group                 http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
5. In Azure Active Directory, create one or more users and groups. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/.
6. To allow those users and groups to access an app on the partition or site, do either of the following:
a. Send the app’s subscription URL to each user and group. To do so, copy the subscription URL from the Details page in Admin Center and then paste the URL in an email that you send to users. For more information, see “Sharing the subscription URL with users” in OpenText OT2 Admin Center – Subscription Administrator Help.
Users can then click the subscription URL to access the app’s sign-in page and provide their Azure Active Directory credentials to sign in.
b. Assign an app role to each user or group at the subscription level. For more information, see “Assigning app roles to users or groups on the Roles page” in OpenText OT2 Admin Center – Subscription Administrator Help.
Users will then receive an email invitation automatically. Users can click the subscription URL in that email to access the app’s sign-in page and provide their Azure Active Directory credentials to sign in.
After they sign in, users are added to the Admin Center partition or site automatically and can access the corresponding app.
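When auto-provisioned accounts arrive with empty attributes or no groups, comparing the claims in a captured assertion with the mapping table from step 4e shows which side is misconfigured. This added example is not OpenText or Microsoft code; the assertion is built locally from constructed values, the helper names are hypothetical, and signatures are not verified.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
WS05 = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
WS08 = "http://schemas.microsoft.com/ws/2008/06/identity/claims/"

# Admin Center value -> Azure Active Directory claim, as listed in step 4e.
CLAIM_MAP = {
    "Mail": WS05 + "emailaddress",
    "Name": WS05 + "givenname",
    "Surname": WS05 + "surname",
    "Displayname": WS05 + "name",
    "Group": WS08 + "groups",
}


def sample_assertion(claims):
    """Build a constructed, unsigned assertion carrying the given claims."""
    root = ET.Element(f"{{{SAML}}}Assertion")
    stmt = ET.SubElement(root, f"{{{SAML}}}AttributeStatement")
    for name, values in claims.items():
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        for value in values:
            ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    return ET.tostring(root, encoding="unicode")


def map_claims(xml_text):
    """Return (mapped, missing, unmapped) for a captured assertion.

    mapped   - Admin Center value -> list of values the assertion supplies
    missing  - Admin Center values whose claim is absent or empty
    unmapped - claim names the IdP sends that the table does not use
    """
    # Refuse DTDs and entity declarations before the text reaches the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in SAML document")
    root = ET.fromstring(xml_text)
    received = {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        values = [v.text.strip()
                  for v in attr.findall(f"{{{SAML}}}AttributeValue")
                  if v.text and v.text.strip()]
        received.setdefault(attr.get("Name"), []).extend(values)
    mapped = {field: received[claim]
              for field, claim in CLAIM_MAP.items() if received.get(claim)}
    missing = [field for field in CLAIM_MAP if field not in mapped]
    unmapped = sorted(set(received) - set(CLAIM_MAP.values()))
    return mapped, missing, unmapped


# Constructed claims. After step 3d.ii the emailaddress claim carries the
# user principal name and the name claim carries the display name.
SAMPLE_CLAIMS = {
    WS05 + "emailaddress": ["avery@example.invalid"],
    WS05 + "givenname": ["Avery"],
    WS05 + "surname": ["Example"],
    WS05 + "name": ["Avery Example"],
    WS08 + "groups": ["00000000-0000-0000-0000-0000000000a1",
                      "00000000-0000-0000-0000-0000000000b2"],
    "http://schemas.microsoft.com/identity/claims/tenantid":
        ["00000000-0000-0000-0000-000000000000"],
}

if __name__ == "__main__":
    mapped, missing, unmapped = map_claims(sample_assertion(SAMPLE_CLAIMS))
    for field, values in mapped.items():
        print(f"{field:12} <- {values}")
    print("missing:", missing, "| not mapped:", unmapped)
```

An assertion captured before the group claim is added in Azure Active Directory reports Group under missing.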
3.3.2.1.3 Scenario 3: Setting up SCIM synchronization with Azure Active Directory
Note
You can complete this procedure if your Admin Center tenant has an Auth partitions page. You cannot complete this procedure if your tenant has an Authentication schemes page.
For more information about Azure Active Directory, see the Azure Active Directory documentation.
1. In Admin Center, do the following:
a. Create a new partition without configuring an authentication scheme for it. On that partition, add subscriptions for the apps you want to allow users to access. For more information, see Creating and configuring a partition.
b. On the new partition’s Partition details tab, copy the SCIM Sync URL, SAML SSO URL, and SAML Login URL values to a location where you can access them easily later. For more information, see Viewing partition details.
c. On the API service credentials page, generate client credentials for Azure Active Directory at the tenant level. For more information, see Generating client credentials for Azure Active Directory.
2. Sign in to Azure Active Directory and do the following to add a non-gallery application:
a. Click Enterprise applications.
b. Click New application and select Non-gallery application.
c. Specify a name for the application and click Add.
3. Click the application name in the list of enterprise applications.
4. Click Provisioning.
5. On the Provisioning page, do the following:
a. In the Admin Credentials area, in the Tenant URL box, specify the SCIM Sync URL value you copied from Admin Center.
b. In the Mappings area, click Provision Azure Active Directory Users. On the Attribute Mapping page, change the Source Attribute value of the mail attribute to userPrincipalName.
c. In the Settings area, set the Provisioning Status value to On. For more information about the Provisioning page, see “Managing user account provisioning for enterprise apps in the Azure portal” in the Azure Active Directory documentation.
6. To configure SAML authentication for the application, do the following:
a. Click Single Sign-on.
b. On the Select a single sign-on method page, select SAML.
c. On the Set up Single Sign-On with SAML page, do the following:
i. In the Basic SAML Configuration area, specify the following values:
• In the Identifier (Entity ID) box, specify the SAML Login URL value you copied from Admin Center.
• In the Reply URL, Sign-on URL, and Logout URL boxes, specify the SAML SSO URL value you copied from Admin Center.
ii. In the User Attributes & Claims area, do the following:
• Change the default mapping of Emailaddress to user.userprincipalname.
• Change the default mapping of name to user.displayname.
• Click Add a group claim. In the Group Claims dialog box, select All Groups, and then click Save.
iii. In the SAML Signing Certificate area, copy the App federation metadata URL value and paste it to a location where you can access it easily later.
7. In Admin Center, configure the SCIM and SAML authentication scheme on your tenant. For more information, see Configuring an authentication scheme for your tenant.
In the Provider URL box, provide the App federation metadata URL value you copied from the Azure Active Directory system.
8. In Azure Active Directory, create all of the users and groups you want to synchronize. For more information, see https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/.
After Azure Active Directory runs the synchronization process for the first time, users and groups automatically appear on the Users and Groups tabs on the partition you created in Admin Center.
9. To allow users and groups to access an app on the partition or site, do either of the following after the synchronization process takes place:
a. Send the app’s subscription URL to each Azure Active Directory user and group. To do so, copy the subscription URL from the Details page in Admin Center and then paste the URL in an email that you send to users. For more information, see “Sharing the subscription URL with users” in OpenText OT2 Admin Center – Subscription Administrator Help.
Users can then click the subscription URL to access the app’s sign-in page and provide their Azure Active Directory credentials to sign in.
b. Assign an app role to each Azure Active Directory user or group at the subscription level. For more information, see “Assigning app roles to users or groups on the Roles page” in OpenText OT2 Admin Center – Subscription Administrator Help.
Users will then receive an email invitation automatically. Users can click the subscription URL in that email to access the app’s sign-in page and provide their Azure Active Directory credentials to sign in.
3.4 Setting up the Tunnel Agent
The Tunnel Agent is an on-premises component that enables OT2 apps to communicate securely with on-premises repositories and applications behind a firewall.
If you configured the Hybrid authentication scheme on a tenant or partition and your system administrator has chosen to install and configure the Tunnel Agent in your on-premises environment, you must complete the following tasks:
1. Turn on the Secure tunnel switch for the Hybrid authentication scheme. For more information, see Configuring an authentication scheme for your tenant or Creating and configuring a partition.
2. Generate client credentials for the Tunnel Agent. For more information, see Generating client credentials.
3. Turn on the Secure tunnel switch when you configure repository connections. For more information, see Configuring connection settings.
For more information about the Tunnel Agent, see the OpenText OT2 Tunnel Agent Configuration Guide on OpenText My Support.
3.5 Generating client credentials
Client credentials enable clients to request OAuth access tokens to access resources.
When setting up your Admin Center tenant, you must generate client credentials in the following scenarios:
If the apps on your tenant require the Tunnel Agent.
In this scenario, you must generate client credentials in Admin Center and provide them to your system administrator. Your system administrator can then use the client credentials you provide to configure the Tunnel Agent in your organization’s server environment. After the Tunnel Agent is configured, the client credentials enable the Tunnel Agent to request OAuth access tokens to communicate with Admin Center.
For more information about the Tunnel Agent, see Setting up the Tunnel Agent.
If you want to synchronize users and groups between Azure Active Directory and your Admin Center tenant automatically.
In this scenario, if you configured Azure Active Directory to synchronize users and groups automatically, the client credentials that you generate in Admin Center enable Azure Active Directory to request OAuth access tokens to communicate with OTDS and Admin Center using the SCIM protocol.
For more information, see Synchronizing Azure Active Directory users and groups with Admin Center.
Tip
For more information about the OAuth framework, see https://oauth.net/.
3.5.1 Generating client credentials for the Tunnel Agent
Note
You can also generate client credentials for the Tunnel Agent at the subscription level if, for example, you want each app to use different client credentials. For more information, see “Generating client credentials for the Tunnel Agent” in OpenText OT2 Admin Center – Subscription Administrator Help.
1. At the tenant level, click API service credentials on the navigation menu.
2. On the API service credentials page, click the Add button, and select Create API key.
3. In the Description box, type a description for the credentials.
4. In the Access token lifetime (seconds) box, specify the length of time, in seconds, that the OAuth access token will be valid for after it is generated. The default value is 900 seconds.
5. In the Refresh token lifetime box, specify the length of time, in seconds, that the OAuth refresh token will be valid for after it is generated. The default value is 28800 seconds.
6. Click Create to generate the client credentials.
7. Click Copy to copy the client ID and client secret values to your clipboard. Paste these values to a location where you can access them easily later.
8. Click Ok, I understand to close the dialog box.
Note
You must provide the client ID and client secret values you generated to your system administrator.
3.5.2 Generating client credentials for Azure Active Directory
Note
Before completing this procedure, you must create a partition in Admin Center. For more information, see Scenario 3: Setting up SCIM synchronization with Azure Active Directory.
1. At the tenant level, click API service credentials on the navigation menu.
2. On the API service credentials page, click the Add button, and select Create SCIM Oauth Key.
3. In the Client ID box, specify the client ID value of the OAuth client. This value must take the form AZURE_SCIM_directory_ID, where directory_ID is the directory ID value from Azure Active Directory.
Tip
The directory ID value is located on the Properties page in Azure Active Directory.
For more information, see “Quickstart: Set up a tenant” in the Azure Active Directory documentation.
4. In the Access token lifetime (seconds) box, specify the length of time, in seconds, that the OAuth access token will be valid for after it is generated. The default value is 900 seconds.
5. In the Refresh token lifetime box, specify the length of time, in seconds, that the OAuth refresh token will be valid for after it is generated. The default value is 28800 seconds.
6. In the Partition list, select the partition you created to synchronize Azure Active Directory users and groups.
7. Click Create to generate the client credentials.
8. Click Ok, I understand to close the dialog box.
3.5.3 Changing the expiry periods or partition for access tokens
After generating client credentials, you can optionally increase or decrease the expiry periods for the OAuth access tokens that are used to communicate with Admin Center.
If you generated client credentials for Azure Active Directory, you can also assign the generated client credentials to a different Admin Center partition if, for example, you want to synchronize Azure Active Directory user and group information with a new partition.
1. At the tenant level, click API service credentials on the navigation menu.
2. Click the More options button in the row that corresponds to the credentials for which you want to change the access token expiry periods or partition and select Edit.
3. In the Access token lifetime (seconds) and Refresh token lifetime (seconds) boxes, specify new expiry periods for the OAuth access and refresh tokens as needed. You can type new numeric values or use the arrow buttons to select new values.
4. In the Partitions list, select a new partition for the client credentials as needed.
5. Click Update.
3.5.4 Regenerating a client secret value
If you need to change the client secret value you are using for security reasons, you can generate a new client secret value for an existing client ID. After you regenerate a client secret value, the new client secret value is associated with the existing client ID and the old client secret value is disabled.
1. At the tenant level, click API service credentials on the navigation menu.
2. Click the More options button in the row that corresponds to the credentials for which you want to regenerate the client secret value and select Regenerate.
3. The Regenerate credentials dialog box displays the description, client ID, and access token expiry periods for the new client secret value you will generate. These values are read-only.
4. Click Regenerate to generate a new client secret value.
5. If you need to provide the new client secret value to your system administrator to configure the Tunnel Agent, click Copy to copy the client secret value you generated to your clipboard and paste this value to a location where you can access it easily later.
6. Click Ok, I understand to close the dialog box.
4 Configuring connection settings
If you need to connect apps to on-premises repositories, such as Content Server and Documentum Server, you must configure repository connections on your tenant. You must configure a connection for each repository to which you want to connect apps.
On the Connections page, you can configure connection settings for Documentum Server repositories on the D2 connections tab. You can configure connection settings for all other types of repositories, such as Content Server and Salesforce, on the General connections tab.
After you configure D2 connections at the tenant level, subscription administrators can select those connections for apps at the subscription level. For more information, see “Connecting an app to one or more repositories” in OpenText OT2 Admin Center - Subscription Administrator Help.
4.1 Configuring repository connection settings
4.1.1 To configure connection settings for a repository other than Documentum:
1. At the tenant level, click Connections on the navigation menu.
2. Click the General connections tab.
3. Click the Add button.
4. In the Connection name box, type a name for the connection.
5. [Optional] In the Description box, type a description for the connection.
6. If the Tunnel Agent is configured in your on-premises environment, turn on the Use secure tunnel switch. For more information, see Setting up the Tunnel Agent.
7. In the Connection type list, select a connection type.
8. Specify parameter values for the connection type you selected. For more information about the values you can specify, see the documentation for your app on OpenText My Support or contact your system administrator.
9. Click Test connection to test the connection.
10. Click Save.
4.1.2 To configure connection settings for a Documentum repository:
1. At the tenant level, click Connections on the navigation menu.
2. Click the D2 connections tab.
3. Click the Add button.
4. In the Connection name box, type a name for the connection.
5. In the Description box, type a description for the connection.
6. In the Connection URL box, type the URL for the Documentum Server system you want to connect to one or more apps.
7. If the Tunnel Agent is configured in your on-premises environment, turn on the Secure tunnel switch. For more information, see Setting up the Tunnel Agent.
8. Click Test connection to test the connection.
9. Click Save.
5 Managing your tenant
At the tenant level, you can configure email notification settings and other settings that apply to all of the subscriptions on your tenant by default. You can also view tenant and subscription information.
5.1 Managing subscriptions
The Subscriptions page lists all of the app subscriptions that you are permitted to manage on your tenant. You can use this page to view information about each subscription, for example, the subscription URL and number of days left in the subscription.
5.1.1 To open the Subscriptions page:
At the tenant level, click Subscriptions on the navigation menu.
Tip
If you want to manage a subscription, click a subscription in the list. For more information about managing subscriptions, see OpenText OT2 Admin Center – Subscription Administrator Help.
5.2 Customizing Admin Center emails
You can customize the image, reply email address, and sender name displayed in all emails that Admin Center sends for all subscriptions on your tenant, for example, emails you send to invite users to subscribe to apps and invite users to become tenant and subscription administrators.
5.2.1 Customizing the image displayed in emails
Before customizing the image, you must save the .png, .gif, or .svg image file you want to use in a public location, for example, a shared folder on an on-premises server.
5.2.1.1 To customize the image displayed in emails:
1. At the tenant level, click Email notifications and then click Logo on the navigation menu.
2. In the text box, type the fully qualified URL of the image file you want to use, for example, https://server.domain.com/PublicFolder/logo.png. The URL must start with https.
3. Click APPLY.
4. Click Save.
5.2.2 Customizing the reply address and sender name in emails
5.2.2.1 To customize the reply address and sender name in emails:
1. At the tenant level, click Email notifications and then click Sender on the navigation menu.
2. In the Sender box, type the reply email address you want to use.
3. In the Display Name box, type the sender name you want to use.
4. Click Save.
5.3 Viewing tenant details
You can use the Tenant details page to view information about your tenant.
If your tenant has an Auth partitions page, the following information appears on the Tenant details page:
• Partitions: The partitions on your tenant.
• Tenant name: The tenant name specified by your OpenText Account Executive.
• Tenant ID: The unique ID of your tenant. Admin Center automatically assigns a unique ID to each tenant. If you are managing apps on multiple tenants, you can click the specify a different tenant link on the Admin Center sign-in page and provide a tenant ID to switch to that tenant.
• Company description: The company description specified by your OpenText Account Executive.
• External ID: The external ID of your tenant specified by your OpenText Account Executive.
• Registered since: The date on which the tenant was created in Admin Center.
• Language: The default language that is selected for your tenant.
If your tenant has an Auth partitions page, the following information appears on the Tenant details page:
• Tenant name: The tenant name specified by your OpenText Account Executive.
• Tenant email domains: The domain or domains in which the tenant is located.
• Registered since: The date on which the tenant was created in Admin Center.
• Tenant users: The total number of users who are assigned to subscriptions on the tenant.
• Subscriptions: The subscriptions that are available on the tenant. Each icon represents a different subscription.
• SAML metadata URL: A URL that specifies the location of the SAML metadata file.
• SAML SSO URL: A URL that specifies the SSO sign-in page of your SAML identity provider.
• SAML login URL: A URL that specifies the sign-in page of your SAML identity provider.
• SCIM Sync URL: A URL that specifies the base SCIM endpoint for OTDS.
Tip
You can use the URL values to configure auto-provisioning on your identity provider. For more information, see SSO scenarios.
6 Managing users and groups
At the tenant level, you can add and remove tenant administrators, monitor user subscriptions, and create and manage tenant groups.
6.1 Adding and removing tenant administrators
You can add tenant administrators if you want to allow other users to configure tenant settings and manage all of the subscriptions on your tenant.
When you add a tenant administrator to your tenant, Admin Center sends an email invitation to that user at the email address you specify. The user’s status is also set to Invitation Pending on the Tenant admins page. The user must click the link in that email to register an account on the OT2 platform and sign in to Admin Center. After the user signs in, the user’s status changes to Active on the Tenant admins page. The user must use that email link and the registered OT2 credentials to sign in as a tenant administrator in the future.
Tip
If your tenant has an Authentication schemes page, a Tenant column appears on the Tenant admins and Tenant users pages. This column indicates whether each user is internal or external on the current tenant. For more information, see Understanding the Tenant column on the Tenant admins and Tenant users pages.
6.1.1 Adding a tenant administrator
1. At the tenant level, click Tenant admins on the navigation menu.
2. Click the Add button.
3. In the text box, type an email address or search for and select the email address that belongs to the user you want to add as a tenant administrator.
4. Click Invite.
6.1.2 Resending email invitations
If needed, you can resend email invitations to users who have an Invitation Pending status on the Tenant admins page. For more information about the Invitation Pending status, see Adding and removing tenant administrators.
1. At the tenant level, click Tenant admins on the navigation menu.
2. Click the More options button in the row that corresponds to the user who you want to resend the invitation to.
3. Select Resend invite.
4. [Optional] In the text box, type a new email address to which to send the invitation.
5. Click Resend.
6.1.3 Removing a tenant administrator
1. At the tenant level, click Tenant admins on the navigation menu.
2. Click the More options button in the row that corresponds to the tenant administrator you want to remove.
3. Select Remove from role.
4. When prompted to remove the user from the tenant administrator role, click Remove from role.
6.2 Managing tenant users
The Tenant users page lists all of the tenant administrators on your tenant, all of the users who have been invited to subscribe to apps on your tenant, and all of the users who are currently subscribed to apps on your tenant.
You can use this page to monitor user activities on your tenant, for example, the status of each user’s subscription and the date and time each user last signed in to Admin Center. You can also view detailed information about each user, for example, the subscriptions and app roles assigned to each user.
If your tenant has an Auth partitions page, you can also do the following to manage user accounts:
• Disable user accounts to prevent users from signing in to your tenant and all of the apps on your tenant. For more information, see Disabling and enabling user accounts.
• Unlock user accounts if users are locked out of their accounts after multiple invalid password attempts. For more information, see Unlocking user accounts.
• Reset two-factor authentication settings for users. For more information, see Resetting user two-factor authentication settings.
• Move users to a different partition. For more information, see Moving users to a different partition.
Tip
If your tenant has an Authentication schemes page, a Tenant column appears on the Tenant admins and Tenant users pages. This column indicates whether each user is internal or external on the current tenant. For more information, see Understanding the Tenant column on the Tenant admins and Tenant users pages.
For more information about app roles, see “Assigning app roles to user and groups” in OpenText OT2 Admin Center – Subscription Administrator Help.
6.2.1 Viewing user information
1. At the tenant level, click Tenant users on the navigation menu.
2. To view information about a user, click the More options button in the row that corresponds to the user you want to view information for, and select Details.
6.2.2 Disabling and enabling user accounts
You can disable user accounts if you need to prevent users from signing in to your tenant and all of the apps on your tenant for security reasons. You can disable any user account that is set to Active on the Tenant users page.
When a user account is disabled, a disable icon appears beside the account name on the Tenant users page. If the user associated with that account attempts to sign in to the tenant or an app on that tenant, an error message appears on the sign-in page.
If you want to allow users to sign in to the tenant and apps again, you can enable user accounts you previously disabled. You can also enable user accounts that other tenant administrators have disabled.
Note
This functionality is available if your tenant has an Auth partitions page.
1. At the tenant level, click Tenant users on the navigation menu.
2. Click the More options button in the row that corresponds to the user account you want to disable or enable, and select Disable or Enable.
3. When prompted to disable or enable the user account, click Yes, continue.
6.2.3 Unlocking user accounts
Depending on how you configured the password policy rules on the Native partition, users can be locked out of their accounts after making multiple invalid password attempts.
The Attempts before lockout rule specifies how many invalid password attempts can take place before an account is locked and the Lockout duration in minutes rule specifies the length of time that must elapse before a locked account is unlocked automatically. For more information, see Configuring a password policy.
When an account is locked, a lock icon appears beside the account name on the Tenant users page and the account cannot be used until you unlock it manually on the Tenant users page or its Lockout duration in minutes period expires.
You can unlock a user account manually if, for example, a user needs to access his or her account before the Lockout duration in minutes period expires.
Note
This functionality is available if your tenant has an Auth partitions page.
This functionality applies only to accounts on the Native partition.
1. At the tenant level, click Tenant users on the navigation menu.
2. Click the More options button in the row that corresponds to the user account you want to unlock, and select Unlock.
3. When prompted to unlock the user account, click Yes, continue.
6.2.4 Resetting user two-factor authentication settings
If you enabled two-factor authentication on the Native partition, you can reset two-factor authentication settings for users if they need to generate new authentication codes to sign in to your tenant.
For example, if a user loses an authentication code that he or she previously generated, you can reset that user’s two-factor authentication settings. The user can then generate a new authentication code the next time he or she signs in to your tenant.
Note
This functionality is available if your tenant has an Auth partitions page.
For more information about enabling two-factor authentication on the Native partition, see Configuring two-factor authentication.
1. At the tenant level, click Tenant users on the navigation menu.
2. Click the More options button in the row that corresponds to the user for whom you want to reset two-factor authentication settings, and select Reset two factor auth settings.
3. When prompted to unlock the user account, click Yes, continue.
6.2.5 Moving users to a different partition
If your tenant has an Auth partitions page, users are automatically added to partitions when they join subscriptions. To sign in to your tenant, each user must use the authentication scheme associated with the partition that he or she has been added to. For more information, see Creating and managing partitions.
You can move users to a different partition if, for example, you want them to use a different authentication scheme to sign in to your tenant.
Example 5.1: Moving users to a different partition
All of the users on your tenant previously joined subscriptions through email invitations and have been added to the Native partition. However, you want these users to use the SAML authentication scheme to sign in to your tenant.
In this scenario, you can create a new partition for the SAML authentication scheme and then move each user to the new partition on the Tenant users page. The users can then use SAML credentials to sign in to your tenant.
You can move users to any type of partition, regardless of the type of partition they currently belong to. For example, you can move users as follows:
• From the Native partition to a SAML, Hybrid, or SCIM and SAML partition.
• From a SAML, Hybrid, or SCIM and SAML partition to the Native partition.
• From one SAML, Hybrid, or SCIM and SAML partition to another.
If you move users to a new SAML, Hybrid, or SCIM and SAML partition, the users must use credentials from the identity provider that is connected to the new partition to sign in to your tenant. Before moving users to the new partition, confirm that an account has been created for each user on the new identity provider.
If you move users from a SAML, Hybrid, or SCIM and SAML partition to the Native partition, each user will automatically receive an email to create a new password on the OT2 platform. Users can then use their existing email address and newly created password to sign in to the tenant.
Note
If you move users to a new SAML, Hybrid, or SCIM and SAML partition, Admin Center automatically removes the users from all of the tenant and subscription groups that they belong to and adds them to the new partition’s AllUsers_partition_name tenant group.
For more information about tenant and subscription groups, see Understanding tenant groups and “Creating and managing subscription groups” in OpenText OT2 Admin Center – Subscription Administrator Help.
Tip
The Partition column on the Tenant users page indicates which partitions each user belongs to.
6.2.5.1 To move a user to a different partition:
1. At the tenant level, click Tenant users on the navigation menu.
2. Click the More options button in the row that corresponds to the user you want to move, and select Change partition.
3. In the Change Partition dialog box, select the name of the partition you want to move the user to, and click Continue.
6.3 Understanding the Tenant column on the Tenant admins and Tenant users pages
If your tenant has an Authentication schemes page, a Tenant column appears on both the Tenant admins and Tenant users pages. This column indicates which users are internal or external on the tenant that is currently open.
A user is internal if the domain of his or her email address matches the domain of the current tenant and if he or she is registered only on the current tenant, that is, the user has accepted an invitation to become a tenant administrator or subscribe to an app on the current tenant only and has never accepted invitations associated with other tenants.
A user is external in the following scenarios:
• If the domain of that user’s email address does not match the domain of the current tenant.
• If that user is registered on tenants other than the current tenant, that is, the user has previously accepted an invitation to become a tenant administrator or subscribe to an app on one or more other tenants.
• If that user’s status is set to Invitation Pending, that is, the user has not yet accepted an invitation to become a tenant administrator or subscribe to an app on the current tenant.
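The rules above can be applied to a list of users to reproduce the Tenant column and record why each user counts as external, which is useful when reviewing who holds the tenant administrator role. This is an added example, not part of the OpenText guide or product; the record fields, the sample users and the exact, case-insensitive domain comparison are assumptions.

```python
from dataclasses import dataclass

# Status values as shown on the Tenant admins and Tenant users pages.
ACTIVE = "Active"
INVITATION_PENDING = "Invitation Pending"


@dataclass(frozen=True)
class TenantUser:
    """Hypothetical record layout; the guide does not describe an export format."""
    email: str
    status: str
    registered_elsewhere: bool  # has accepted an invitation on another tenant
    is_tenant_admin: bool = False


def email_domain(email):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def classify(user, tenant_domains):
    """Apply the internal/external rules; return (label, list of reasons)."""
    # Assumption: a domain "matches" only on an exact, case-insensitive
    # comparison, so sub.example.com does not match example.com.
    domains = {d.lower().rstrip(".") for d in tenant_domains}
    reasons = []
    if email_domain(user.email) not in domains:
        reasons.append("email domain does not match the tenant")
    if user.registered_elsewhere:
        reasons.append("registered on another tenant")
    if user.status == INVITATION_PENDING:
        reasons.append("invitation not yet accepted")
    return ("external" if reasons else "internal", reasons)


def external_admins(users, tenant_domains):
    """Map each tenant administrator classified as external to the reasons."""
    flagged = {}
    for user in users:
        label, reasons = classify(user, tenant_domains)
        if user.is_tenant_admin and label == "external":
            flagged[user.email] = reasons
    return flagged


# Constructed sample data (not taken from any real tenant).
TENANT_DOMAINS = ["example.com"]
USERS = [
    TenantUser("alice@example.com", ACTIVE, False, True),
    TenantUser("Bob@EXAMPLE.com", ACTIVE, True, True),
    TenantUser("carol@example.com", INVITATION_PENDING, False, True),
    TenantUser("dave@partner.example", ACTIVE, False, False),
    TenantUser("erin@sub.example.com", ACTIVE, False, True),
]

if __name__ == "__main__":
    for email, reasons in external_admins(USERS, TENANT_DOMAINS).items():
        print(f"{email}: {'; '.join(reasons)}")
```

A user can be external for more than one reason at once, so the function collects every rule that applies instead of stopping at the first.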
6.4 Understanding tenant groups
Tenant groups enable you to assign subscriptions and permissions to groups of users.
At the tenant level, you can create any number of tenant groups manually on the Tenant groups page. You can add the following types of users and groups to manually created tenant groups:
• Users who are currently subscribed or have been invited to subscribe to apps on your tenant.
• Any existing tenant groups.
If your tenant has an Auth partitions page, Admin Center also automatically creates a tenant group for each partition you create. On the Tenant groups page, the name of each automatically created group has the form AllUsers_partition_name. All users who are added to a partition through auto-provisioning or user and group synchronization are automatically added to the partition’s tenant group. You cannot edit automatically created tenant groups or add new users to them on the Tenant groups page.
After one or more tenant groups are created either manually or automatically at the tenant level, the tenant groups are available to be used at the subscription level. Subscription administrators can do one or both of the following:
• Add the tenant groups to subscription groups to assign subscriptions to groups of users. For more information, see “Creating and managing subscription groups” in OpenText OT2 Admin Center – Subscription Administrator Help.
• Assign the tenant groups to one or more app roles. Tenant group members will then inherit the permissions associated with their assigned app roles. For more information, see OpenText OT2 Admin Center – Subscription Administrator Help.
Tip
For more information about app roles, see “Assigning app roles to user and groups” in OpenText OT2 Admin Center – Subscription Administrator Help.
6.4.1 Creating a tenant group manually
6.4.1.1 To create a tenant group manually:
1. At the tenant level, click Tenant groups on the navigation menu.
2. Click Create group.
3. In the Group name box, type a name for the tenant group.
4. [Optional] In the Description box, type a description for the tenant group.
5. Click Create.
6.4.1.2 To add a user or existing tenant group to one or more tenant groups:
1. At the tenant level, click Tenant groups on the navigation menu.
2. In the text box, do one of the following:
• Type the first few letters of an email address that belongs to a user who is currently subscribed or has been invited to subscribe to one or more apps on your tenant.
• Type the first few letters of a name that belongs to an existing tenant group.
3. Select the email address or name that belongs to the user or tenant group you want to add.
4. In the Select group list, select one or more tenant groups to which you want to add the user or existing tenant group you selected in the previous step.
5. Click Add to groups.
6.4.1.3 To view the users and tenant groups in each tenant group:
1. At the tenant level, click Tenant groups on the navigation menu.
2. In the Tenant Groups list, click the name of the tenant group you want to view. The tenant group’s page lists all of the users and tenant groups that belong to the tenant group you selected.
Tip
For more information about app roles, see “Assigning app roles to user and groups” in OpenText OT2 Admin Center – Subscription Administrator Help.
6.4.2 Editing the name and description of a manually created tenant group
Note
You cannot edit automatically created tenant groups.
6.4.2.1 To edit the name and description of a manually created tenant group:
1. At the tenant level, click Tenant groups on the navigation menu.
2. In the Tenant groups list, click the name of the tenant group you want to edit.
3. On the tenant group’s page, click the Edit button.
4. Edit the name and description of the tenant group as needed.
5. Click Update.
6.4.3 Deleting a manually created tenant group
Note
Before deleting a tenant group, confirm that no app roles are assigned to that group. If app roles are assigned, OpenText recommends that you remove the app roles from the group first. For more information, see “Assigning app roles to users or groups on the Roles page” in OpenText OT2 Admin Center – Subscription Administrator Help.
You cannot delete automatically created tenant groups.
6.4.3.1 To delete a manually created tenant group:
1. At the tenant level, click Tenant groups on the navigation menu.
2. In the Tenant groups list, place your pointer on the name of the tenant group you want to delete, and click the Delete button in the corresponding row.
3. When prompted to delete the group, click Delete.
About OpenText
OpenText enables the digital world, creating a better way for organizations to work with information, on-premises or in the cloud. For more information about OpenText (NASDAQ/TSX: OTEX), visit opentext.com.