Examples of authorization policies
Below, you will find some examples of authorization policies in Nova.
Delegating password resets
In this video we see how to delegate the ability to perform password resets.
Delegating out of office administration
In this video we see how to delegate the ability to manage out of office (automatic replies) messages.
Delegating management of MFA
In this video we see how to delegate the ability to manage multi-factor authentication settings for users.
Delegating custom PowerShell scripts
As a System or Account Administrator, you have the ability to delegate the execution of Custom PowerShell scripts to other administrators. Click here for more information on that. Follow to steps below on how to create an authorization policy to delegate custom PowerShell Scripts.
1.Go to Manage administration > Authorization Policies.
2.Click Add.
3.Enter a name for your policy.
4.On the Assignment section, on the Delegate to tab, click Add, and add the user(s) and/or OU(s) you would like to delegate the policy to.
5.Then select Managed Objects and choose which user(s) and/or OU(s) you would like the delegated administrator to perform the actions on.
6.Then select Actions and select Executes Custom PowerShell Script, and click the arrow button.
7.Under PowerShell Commands, and add the PowerShell commands that have been created. Once you have selected them, click Close.
|
|
NOTE: Go here to learn more about creating custom PowerShell scripts. |
8.Select the properties you would like to apply to your policy, then click Close.
9.Once you are finished creating the policy, click Save.
Exporting and importing policies
To ensure the policy does not become lost or corrupted, you might want to export/save the configuration to a safe location.
Exporting an authorization policy or configuration policy
Follow the steps below to export a policy file.
1.From the left menu bar, select Manage Administration > Authorization policies or Configuration policies (depending on the type of policy you want to export).
2.Either:
oExport all policies by selecting Export > Export All.
oExport a specific policy (or policies) by selecting the check box next to any policies you want to export and selecting Export > Export Selected.
3. Click OK.
A .zip file containing the policy configuration is saved to your Downloads folder.
Importing an authorization policy or configuration policy
When you are ready to restore a previously exported policy file, follow the steps below.
1.From the left menu bar, select Manage Administration > Authorization policies or Configuration policies (depending on the type of policy you want to import).
2.Click Import.
3.Specify how you want duplicate policy names to be handled.
4.Browse for the policy file, select it, and click Open.
5.Click Import.
The restored/imported policy can now be found in your list of policies.
Policy properties
You can edit details related to actions added to authorization policies using the Properties tab (shown below).
After adding actions to a policy, you can select whether delegates can see or edit information related to the assigned actions.
For example, after assigning the Update Tenant User action to an authorization policy, you might edit the policy's properties so delegates (i.e. members of the help desk) cannot read and/or edit certain information.
Here is a video showing more about properties.
Configuration policies
Configuration policies bring standardization to a particular tenant (organizational unit). For example, you could use a configuration policy to grant access to a certain resource for all users within a tenant.
Or, you might manage two tenants. One contains people working in the United States, and the other contains people in the United Kingdom. You can create configuration policies to give users in the United States a Country attribute of US. And, another configuration policy gives users within the United Kingdom a Country attribute of UK.
Once a configuration policy is assigned to a particular tenant (organizational unit), a job is initiated. The job updates all user objects within the tenant, as shown below.
After initial setup, any time a new user is added to the tenant (organizational unit), a job runs to ensure the user object matches all of the tenant's configuration policies.
For a brief overview, check out the video below:
Click here to watch an introductory video on configuration policies.
Supported actions
At this time, any of these actions can be added configuration policies:
·Add User to Groups: add a user to a group
·Assign User License: Manage Office 365 licenses.
·Graph Set Out of Office: Set user's out of office status.
·Set Cloud User Manager: Set a user's manager.
·Set Mailbox Primary SMTP Address: Set a user's primary email address.
·Set User Multi-factor authentication: Set a user's MFA status.
·Update Cloud User: Update Office 365 user attributes.
·Update On-Premises User: Update on-prem user attributes.