6.3 Transitioning Assignments Through User Application

As there are significant architectural changes between the existing Office 365 driver and the Azure AD driver, you need to recreate the existing Office 365 resources in the Azure AD driver. The following considerations apply while transitioning the existing Office 365 assignments to the Azure AD driver:

Recreate the Office 365 driver resources for the Azure AD driver

You can use the existing Office 365 resources as a reference to create the resources manually and then map them appropriately to the existing Office 365 roles. For example, suppose you have an existing role in Catalog Administrator called IT_Admin_O365_Role, and the role is mapped to the O365_MailboxAdmin, O365_SecurityAdmin, and O365_SharePointServiceAdmin resources. To transition the role assignments from the existing Office 365 driver to the Azure AD driver, you need to create similar resources for the Azure AD driver and then map them appropriately to the existing IT_Admin_O365_Role role. For more information about creating roles and resources, see Managing Roles and Resources in the NetIQ Identity Manager - User’s Guide to the Identity Applications.

The following procedure explains how to create a new resource in Azure AD, assign an entitlement value to the resource, and map the resource to an existing Office 365 role in Catalog Administrator:

  1. Turn on entitlements for the Azure AD driver.

  2. Create a new resource.

    Open a Web browser and log in to Catalog Administrator. For example: http://myappserver:8180/rra

  3. Click the Resources tab, then click New Resource.

  4. Fill in the values to create a new resource with entitlement for the Azure AD driver.

  5. In the Entitlement or Driver list, expand the driver and select Role Entitlement.

  6. Refresh the selected entitlement.

  7. In Entitlement Value Information, select Mailbox Administrator, then click Apply.

  8. Specify a name and description for the resource. For example, Azure_MailboxAdmin.

    You must also create resources for the other roles, for example, Security Admin and SharePointService Admin.

  9. To assign the newly created Azure AD driver resources to an existing Office 365 role, go to the Roles tab and select the role from the list of roles. For example, IT_Admin_O365_Role.

  10. In the Mapped Resources section, search for the newly created Azure AD driver resources.

    You can type in part of a driver name to display a list of resources that meet the criteria or select it from the list of available resources.

  11. Select the resources to associate with the role and click Add.

  12. Enter a mapping description for the resource you selected.

  13. Click Apply and Close to exit the Roles Administration page.

Manually assign permissions on the newly created resources

If you have resources with direct assignments (resources not mapped to any role), then manually assign the permissions appropriately on the newly created resources for the Azure AD driver in Catalog Administrator.
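
Both considerations above can be checked after the transition with a small gap report. The following is an added example, not part of the NetIQ documentation: the data structures, driver labels, user names, and the Helpdesk Admin resource are constructed for illustration, and pairing old and new resources by entitlement value is an assumption.

```python
# Added example: constructed data, not an export format of Identity Manager.
# Each resource: name -> (driver label, entitlement value it grants).
RESOURCES = {
    "O365_MailboxAdmin": ("Office365", "Mailbox Administrator"),
    "O365_SecurityAdmin": ("Office365", "Security Admin"),
    "O365_SharePointServiceAdmin": ("Office365", "SharePointService Admin"),
    "O365_HelpdeskAdmin": ("Office365", "Helpdesk Admin"),  # hypothetical
    "Azure_MailboxAdmin": ("AzureAD", "Mailbox Administrator"),
    "Azure_SecurityAdmin": ("AzureAD", "Security Admin"),
}
# Role -> resources currently listed in its Mapped Resources section.
ROLE_MAP = {
    "IT_Admin_O365_Role": {"O365_MailboxAdmin", "O365_SecurityAdmin",
                           "O365_SharePointServiceAdmin",
                           "Azure_MailboxAdmin", "Azure_SecurityAdmin"},
}
# Direct assignments: (user, resource) pairs not granted through any role.
DIRECT = [("jsmith", "O365_HelpdeskAdmin"), ("adoe", "O365_MailboxAdmin"),
          ("adoe", "Azure_MailboxAdmin")]

def values(names, driver, resources):
    """Entitlement values granted by the resources in `names` on one driver."""
    return {resources[n][1] for n in names if resources[n][0] == driver}

def role_gaps(role_map, resources, old="Office365", new="AzureAD"):
    """Per role: entitlement values still granted only through the old driver."""
    gaps = {}
    for role, names in role_map.items():
        missing = values(names, old, resources) - values(names, new, resources)
        if missing:
            gaps[role] = sorted(missing)
    return gaps

def direct_gaps(direct, resources, old="Office365", new="AzureAD"):
    """Direct (user, value) grants on the old driver with no new-driver match."""
    by_user = {}
    for user, name in direct:
        by_user.setdefault(user, set()).add(name)
    out = []
    for user, names in sorted(by_user.items()):
        lost = values(names, old, resources) - values(names, new, resources)
        out.extend((user, v) for v in sorted(lost))
    return out

if __name__ == "__main__":
    print("Roles missing Azure AD resources:", role_gaps(ROLE_MAP, RESOURCES))
    print("Direct assignments to recreate:", direct_gaps(DIRECT, RESOURCES))
```

An empty result from both functions means every entitlement value granted through the Office 365 driver has an Azure AD driver counterpart on the same role or user.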