Run Invitation wizard using Delegated Token

You can secure the connection to the Service Provider platform through an email link to the Token Authentication wizard.

Do the following:
1. Open the email of the Service account and search for the Welcome mail from Live Platform with a link to the Token Invitation wizard.

2. Click the link to the Token Invitation wizard sent in the mail as shown in the example above. The Invitation Wizard Welcome screen is displayed.

3. In the User Device Token field, enter the credentials of the Service account, and then click Start authentication.
4. Do one of the following:
   • Copy the code and then click the URL link below it.
   • Click Copy code and open page in new tab.

5. Click Next, or enter the code if you clicked the ....device/login link above.

6. Enter the credentials of the Service account of the M365 tenant.

7. Click Continue.

8. Enter the reason for the Sign-in request, and then click Request approval. A message is displayed informing you that a request has been sent to the customer tenant Admin Consent Reviewer account defined in Setup Admin Consent Workflow Permissions.

9. Open the email of the Admin Consent Reviewer account. See an example mail message below.

10. Click Review request.
11. Enter the credentials of the Admin Consent Reviewer account.

12. You will be prompted to authenticate your account using Microsoft Authenticator. A screen similar to the following is displayed; complete the authentication process.

You are logged in to the Azure portal with the customer tenant Admin Consent Reviewer account, and the pending Admin Consent request for the Token registration is displayed.

13. Click the request.

14. Click Review permissions and consent.
15. Enter the credentials of the Admin Consent Reviewer account, and then click Accept.

16. Once approved, all entries under My Pending are removed and a confirmation message is displayed.

In addition, an email confirmation message similar to the following is received by the customer administrator.

17. Return to the Token wizard screen. A confirmation message is displayed that the Token Invitation wizard has successfully acquired a token.

18. If this is the first time that you are connecting to your customer tenant, click the "click here to continue the authentication process" link.

19. Enter the credentials of the Service account. A confirmation message is displayed indicating that the Token authentication process has successfully completed.

20. Close the browser tab; the Tenant Activation page appears with an additional confirmation message.

21. Close the Tenant Activation page.
22. The Service Provider will notify you upon completion of the wizard. In the meantime, log in to the Azure portal with Service account permissions and open the newly created Token registration (Enterprise Applications > <Token-Registration-Name>). In the Navigation pane, select Permissions to view the permissions for the new Enterprise application.

23. Upon completion of the Onboarding process, you can log in to the Live Platform portal (see Accessing the Customer Portal (Direct Routing)), and then open the M365 Settings page (see Securing Microsoft 365 Service Provider Access). Notice that the Service account credentials are displayed. You can click Validate Authentication to test the Token connection. A confirmation message is displayed at the top of the screen.
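
For the permission review in step 22, the delegated grants shown on the Permissions page can also be checked from an export of Microsoft Graph's oauth2PermissionGrants collection. The following is an added example, not part of the Live Platform documentation; the ids, the scopes and the EXPECTED_SCOPES allowlist are constructed placeholders, to be replaced with the permissions your Service Provider documents.

```python
import json

# Constructed sample in the shape of a Microsoft Graph
# GET /oauth2PermissionGrants response. All ids and scopes are made up.
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {"id": "g1", "clientId": "sp-token-registration", "consentType": "AllPrincipals",
     "principalId": null, "resourceId": "sp-graph",
     "scope": "User.Read offline_access Directory.ReadWrite.All"},
    {"id": "g2", "clientId": "sp-token-registration", "consentType": "Principal",
     "principalId": "user-service-account", "resourceId": "sp-graph",
     "scope": " User.Read  "},
    {"id": "g3", "clientId": "sp-other-app", "consentType": "AllPrincipals",
     "principalId": null, "resourceId": "sp-graph", "scope": "Mail.Read"}
  ]
}
""")

# Hypothetical allowlist: replace with the permissions your Service Provider documents.
EXPECTED_SCOPES = {"User.Read", "offline_access", "Organization.Read.All"}


def review_grants(client_sp_id, response, expected_scopes):
    """Summarise the delegated grants held by one enterprise application."""
    granted = {}  # scope -> set of consent types it was granted under
    for grant in response.get("value", []):
        if grant.get("clientId") != client_sp_id:
            continue  # grant belongs to a different application
        # 'scope' is a space-separated string and may carry stray whitespace
        for scope in (grant.get("scope") or "").split():
            granted.setdefault(scope, set()).add(grant.get("consentType"))
    return {
        "granted": sorted(granted),
        # granted but not on the allowlist: question these before go-live
        "unexpected": sorted(s for s in granted if s not in expected_scopes),
        # on the allowlist but not granted: consent may be incomplete
        "missing": sorted(expected_scopes - set(granted)),
        # scopes consented for every user in the tenant (admin consent)
        "tenant_wide": sorted(s for s, t in granted.items() if "AllPrincipals" in t),
    }


if __name__ == "__main__":
    report = review_grants("sp-token-registration", SAMPLE_RESPONSE, EXPECTED_SCOPES)
    for key, value in report.items():
        print(f"{key:12} {value}")
```

The clientId to pass is the object ID of the Token registration's service principal, shown on its Enterprise Applications overview page.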