6.3 Transitioning Assignments Through User Application

As there are significant architectural changes between the existing Office 365 driver and the Azure AD driver, you need to recreate the existing Office 365 resources in the Azure AD driver. The following considerations apply while transitioning the existing Office 365 assignments to the Azure AD driver:

Recreate the Office 365 driver resources for the Azure AD driver

You can use the existing Office 365 resources as a reference to create the resources manually and then map them appropriately to the existing Office 365 roles. For example, suppose you have an existing role in Identity Applications called IT_Admin_O365_Role that is mapped to the O365_MailboxAdmin, O365_SecurityAdmin, and O365_SharePointServiceAdmin resources. To transition the role assignments from the existing Office 365 driver to the Azure AD driver, you need to create similar resources for the Azure AD driver and then map them appropriately to the existing IT_Admin_O365_Role role. For more information about creating roles and resources, see Creating and Managing Roles in the NetIQ Identity Manager - Administrator’s Guide to the Identity Applications.

The following procedure explains how to create a new resource in Azure AD, assign an entitlement value to the resource, and map the resource to an existing Office 365 role in Identity Applications.

To create an Azure AD resource and assign an entitlement value to the resource:

  1. Turn on entitlements for the Azure AD driver.

  2. Create a new resource.

    Open a Web browser and log in to Identity Applications. For example: http://myappserver:8543/idmdash/

  3. Go to Administration > Resources and click the + icon.

  4. Select With entitlement.

  5. In the Entitlement or Driver list, select the Azure AD driver.

  6. In Entitlement Association, select Mailbox Administrator from the list.

  7. Click Create Resource.

  8. Specify the required values such as Resource Name and Resource Description to create a new resource with entitlement for the Azure AD driver. Click Apply.

You must also create resources for the other roles, for example, Security Admin and SharePointService Admin.

To map the newly created resource to an existing Office 365 role:

  1. Go to Administration > Roles.

  2. Select the Office 365 role from the list. For example, IT_Admin_O365_Role.

  3. Select Map Resource to Role.

  4. In Available for Mapping > Resources, drag and drop the newly created Azure AD resource to Mapped Resources.

  5. (Conditional) If a resource request form is configured, specify the necessary information and click Apply.

  6. Specify the Mapped Description and click Apply.

Manually assign permissions on the newly created resources

If you have resources with direct assignments (resources not mapped to any role), then manually assign the permissions appropriately on the newly created resources for the Azure AD driver. Go to Administration > Resources, and .

  1. Go to Administration > Resources.

  2. Select the newly created Azure AD resource.

  3. Select Resource Assignments.

  4. Click + to assign the resource to the required users in the system.
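
A transition like this is easy to leave half done: a role that still lacks one of its Azure AD resources, or a direct assignment that was never carried over (or was granted to someone who never held the old resource). The following check is an added example, not part of the NetIQ documentation or product; the role, resource and user data are constructed, and the AzureAD_* resource names and the dictionary layout are assumptions standing in for whatever you export from your own system.

```python
# Added example: transition completeness check. All data below is constructed;
# the AzureAD_* resource names are hypothetical, not product defaults.
# Old Office 365 resource -> its recreated Azure AD counterpart (assumed naming).
COUNTERPART = {
    "O365_MailboxAdmin": "AzureAD_MailboxAdmin",
    "O365_SecurityAdmin": "AzureAD_SecurityAdmin",
    "O365_SharePointServiceAdmin": "AzureAD_SharePointServiceAdmin",
}

# Role -> mapped resources, as it might look part-way through the transition.
ROLE_RESOURCES = {
    "IT_Admin_O365_Role": {
        "O365_MailboxAdmin", "O365_SecurityAdmin", "O365_SharePointServiceAdmin",
        "AzureAD_MailboxAdmin",
    },
}

# Resource -> users holding a direct assignment (not through any role).
DIRECT_ASSIGNMENTS = {
    "O365_SecurityAdmin": {"jsmith", "akhan"},
    "AzureAD_SecurityAdmin": {"jsmith", "mlopez"},
}


def unmapped_role_resources(role_resources, counterpart):
    """Per role, the Azure AD resources that still need to be mapped."""
    gaps = {}
    for role, resources in role_resources.items():
        missing = sorted(new for old, new in counterpart.items()
                         if old in resources and new not in resources)
        if missing:
            gaps[role] = missing
    return gaps


def direct_assignment_drift(direct, counterpart):
    """Per Azure AD resource, users to add (held the old resource only) and
    users to review (hold the new resource with no old-side assignment)."""
    drift = {}
    for old, new in counterpart.items():
        old_users, new_users = direct.get(old, set()), direct.get(new, set())
        to_add, to_review = sorted(old_users - new_users), sorted(new_users - old_users)
        if to_add or to_review:
            drift[new] = {"add": to_add, "review": to_review}
    return drift


if __name__ == "__main__":
    print(unmapped_role_resources(ROLE_RESOURCES, COUNTERPART),
          direct_assignment_drift(DIRECT_ASSIGNMENTS, COUNTERPART))
```

Users in the "review" list deserve the closer look: they hold an administrative resource on the Azure AD side that the Office 365 assignments do not account for.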