Switching to Token Authentication
Customer consent for Service Provider access to their Microsoft 365 platform can be secured using only Microsoft Graph token-based authentication.
This is the recommended method for securing the connection to Microsoft 365.
➢ To switch to token authentication:
1. In the Service portal Navigation pane, select Configuration > M365 Configuration.
2. Click Validate Authentication to ensure that the current token is valid. "Last Authentication Status: Successful" is displayed.
3. Click Switch to auth token.
The following dialog is displayed.
4. Enter the email address of the customer administrator to whom you wish to send the invitation.
The following confirmation screen is displayed.
5.
An email similar to the following is sent to the customer tenant admin. If you did not receive an email, click Resend Invitation to send it again.
6. Click the link to start the wizard.
7. Click Use Device Token.
8. Enter the credentials of the customer tenant admin with consent permissions (see Secure Token Connection) and then click Start authentication.
9. Copy the displayed code to the clipboard and then click the link highlighted above.
10. Choose the account of the customer tenant administrator with "Global" permissions or a Service Account (see Secure Token Connection).
11. You will be prompted to authenticate your account using Microsoft Authenticator. A screen similar to the following is displayed.
12. Click Continue.
13. Close the above window. Confirmation that the authentication process has completed is displayed.
14. Close the above window.
15. Return to the Microsoft 365 Settings screen. Note that "Authentication Status: Successful" is displayed and that the Switch to App Registration button is displayed.
16. In the Multitenant interface, open the Pending Invitations screen (see Pending Invitations) and view the "Created at" and "Expires at" values of the claimed token.