Secure Token Connection with Global Admin Credentials

You can secure the Token connection with the customer M365 platform using the provided credentials of the customer Global admin account.

If you wish to secure the Token connection using this method, you must disable Multi-factor authentication.

Do the following:
1. In the Onboarding wizard click Add New Customer.

Graphical user interface, application Description automatically generated

2. Select Use M365admin account with known password.

3. Enter the Global Admin username and password provided by the customer.

4. Click here to start the authentication process.

5. Enter the credentials of the customer tenant Global Admin account.

The customer Tenant account must have Global Admin permissions, otherwise the “Consent on behalf of the organization” check box does not appear.

6. Click Consent on behalf of your organization, and then click Accept. A confirmation message is displayed indicating that the Token Invitation wizard has successfully completed; close the browser tab.

7. Reopen the Onboarding wizard ( In the Services page, from the Add Service drop-down, choose Direct Routing) and then click Pending Invitations to confirm that the Authentication process is complete; verify that Status is shown as Authentication Complete (see Pending Requests). You can then click Add to resume the Onboarding (see Onboarding with Hosted Essentials + or Onboarding with Hosted Pro). Note, you can also open the Multitenant interface and navigate to MonitoringService > Pending Invitations. Search for the relevant token and verify that the 'Device Authenticated' field is set to true (see Pending Invitations).

8. Login to the customer Global Admin account on the Azure portal and open the newly created Token registration (Enterprise Applications > <Token-Registration-Name>). In the Navigation pane, select Permissions to view the permissions for the new Enterprise application.

9. Upon the completion of the Onboarding process, you can login to the User Management Pack 365 SP Edition portal (see Accessing the Customer Portal (Direct Routing), and then open the M365 Settings page (see Securing Microsoft 365 Service Provider Access). Notice that the Service account credentials are displayed. You can click Validate Authentication to test the Token connection. A confirmation message is displayed at the top of the screen.