Run Invitation wizard using Delegated Token

You can secure the connection with the customer M365 platform using a Delegated Token by sending an email to the customer Service account including a link to trigger the Invitation wizard.

➢

Do the following:

Open the email of the Service account and search for the Welcome mail from Live Platform with a link to the Token Invitation wizard.

If mail has not been received, open the Multitenant interface and navigate to Security > Customer Invitations. Search for the relevant token and verify that the 'Email Sent' field is set to true (see Pending Invitations). You can also initiate the Token Invitation wizard by clicking the AuthURL link (see below), and then copy the URL and paste in Web browser. In addition, check the email settings (see Configuring Email Settings).

Click the link to the Token Invitation wizard sent in the mail as shown in the example above. The Invitation Wizard Welcome screen is displayed.

In the User Device Token field, enter the credentials of the Service account, and then click Start authentication.

Do one of the following:

●

Copy the code and then click the URL link below it.

●

Click Copy code and open page in new tab.

Click Next or enter code if you clicked the ....device/login link above.

Enter credentials of the Service account of the M365 tenant.

Click Continue.

Enter the reason for Sign-in request and then click Request approval. An information message is displayed informing that a Request has been sent to the customer tenant Admin Consent Reviewer account defined in Setup Admin Consent Workflow Permissions.

Open the email of the Admin Consent Reviewer account. See an example mail message below.

10.

Click Review request.

11.

Enter the credentials of the Admin Consent Reviewer account.

12.

You will be prompted to authenticate your account using Microsoft Authenticator. A screen similar to the following is displayed; complete the authentication process.

You are logged in to the Azure portal of the customer tenant Admin Consent Reviewer account displaying the pending Admin Consent request for the Token registration.

13.

Click the request.

14.

Click Review permissions and consent.

15.

Enter the credentials of the Admin Consent Reviewer account, and then click Accept.

16.

Once approved, all entries under My Pending are removed and a confirmation message is displayed.

In addition, An email confirmation message similar to the following is received by the customer administrator.

17.

Return to the Token wizard screen. A confirmation message is displayed that the Token Invitation wizard has successfully acquired a token.

18.

If this is the first time that you are connecting to your customer tenant, click the click here to continue the authentication process link.

19.

Enter the credentials of the Service account. A confirmation message is displayed indicating that the Token authentication process has successfully completed.

20.

Close the browser tab; the Tenant Activation page appears with an additional confirmation message.

21.

Close the Tenant Activation page.

22.

Reopen the Onboarding wizard; in the Services page, from the Add Service drop-down, select Direct Routing, select your customer, and then click Pending Invitations to confirm that the Authentication process is complete. Verify that Status is shown as Authentication Complete (see Pending Requests). You can then click Add to resume the Onboarding (see Onboarding with Hosted Essentials + or Onboarding with Hosted Pro). Note, you can also open the Multitenant interface and navigate to Monitoring > Service > Pending Invitations. Search for the relevant token and verify that the 'Device Authenticated' field is set to true (see Pending Invitations).

23.

Login to the customer Service account on the Azure portal and open the newly created Token registration (Enterprise Applications > <Token-Registration-Name>). Note the newly added permissions for the new Enterprise application. In the Navigation pane, select Permissions to view the permissions for the new Enterprise application.

24.

Upon the completion of the Onboarding process, you can login to the Live Platform portal (see Accessing the Customer Portal (Direct Routing), and then open the M365 Settings page (see Securing Microsoft 365 Service Provider Access). Notice that the Service account credentials are displayed. You can click Validate Authentication to test the Token connection. A confirmation message is displayed at the top of the screen.