Authentication Status
The Authentication Status page configures the Client IDs and redirect URIs used by the Token Invitation mechanism for securing UMP-365 access to the customer tenant’s Microsoft Office 365 platform that is used for the Background Replication process (seeQueued Tasks (Background Replication). In the Onboarding wizard (for Hosted Essentials + and Hosted Pro customers), connection to the customer's Microsoft 365 platform is secured using the following methods:
| ■ | Username and Password: The customer uses their existing username and password, however, in addition, the connection to M365 is secured with an access token that is claimed based on the configured user name and password. See |
Customers onboarded prior to version 8.0.450 with user and password must be authenticated using token-based authentication as a result of enhanced Microsoft Security policies.
| ■ | Switch to auth token: This option secures the connection with M365 through a directly-claimed access token. See |
Using both of the above methods, the customer tenant must grant consent to the Service Provider administrator. The consent process is secured through an access token that is claimed based on the configured user name and password. The Authentication Status screen summarizes the connection status with the customer tenant's M365 platform using one of the above methods.
| ■ | Switch to application registration: This option secures the connection with M365 through an Application registration that may be created automatically in the Onboarding script or manually on the customer Azure portal. |
| ➢ | To manage Authorization tokens: |
| 1. | In the Multitenant Navigation pane, open the Authentication Status page (Monitoring > Service > Authentication Status). |
| 2. | Configure the Client Id and Client Secret of the Tenant Enterprise Application Registration for Token Authentication. This registration is created in Day One Onboarding (for Hosted Essentials + and Hosted Pro customers). |
If the Client Id is not configured and then the Grant Consent option in the Self-Service portal M365 Settings (see Securing Microsoft 365 Service Provider Access) is clicked, the following error is displayed:
For example:
Authentication Status
|
Field |
Description |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Customer Id |
The Customer name. |
||||||||||||
|
M365 Email |
The email address of the Microsoft Office 365 administrator providing consent on behalf of the customer. |
||||||||||||
|
Authentication Method |
One of the following authentication methods:
|
||||||||||||
|
When Last Verified |
The date and time of the last verification of connection to customers' M365 platform. |
||||||||||||
|
Last Verification Status |
Indicates one of the following verification statuses:
|
||||||||||||
|
Update |
Refreshes screen loading updated data.
|
||||||||||||
|
Verify All |
Verifies that all claimed tokens are valid and user passwords are correct. Perform this action after 'Update' above.
|
||||||||||||
|
Reload All |
Refreshes table. Perform this action after 'Verify All'.
|
| 3. | Enter the Client ID and Client secret generated in Deploy Synchronization Application. |
| 4. | Enter the Redirect URL which consists of the IP address of the Service Provider portal. For example: |
https://finebak.domain.com/authenticate/OAuth2Callback
|
Parameter |
Description |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Actions |
One of the following actions can be performed:
|
is displayed in the Last Verification Status column.| 5. | Click Apply Changes or click Reset Changes to reconfigure. |
