Secure Connection using Delegated Token
If the customer purchased a Hosted Essentials Plus or Hosted Pro license, they must grant consent to the Service Provider or Channel administrator to access their M365 platform. The consent is secured using Token authentication between the Live Platform and the customer M365 tenant. The Token connection is initially established through a Token wizard using the credentials of the customer Azure account. Once the Token connection is securely established, the account credentials can be used to create the new customer and then, in Day Two, to synchronize the Live Platform database with their M365 platform, for example, to configure M365 Voice Routing templates or retrieve a list of new employees added to the customer Active Directory. The Token Invitation wizard is used for establishing the Token connection with the customer M365 platform.
Securing the connection using a Delegated Token is only relevant for Hosted Essentials Plus and Hosted Pro customers.
The Token connection should be secured using a customer-defined M365 Azure Service account. Using this method, the customer must consent to the following Microsoft Graph API permissions:
■ openid: Access directory as the signed in user
■ profile: Read all users' full profiles
The Delegated Token connection should be secured using a Service account, requiring the following:
Once this setup is performed, at the start of the Onboarding wizard you trigger an email to the customer M365 Service account that includes a link to the Invitation wizard.