Switching to Token Authentication

Customer consent for securing Service Provider access to their Microsoft 365 platform can be secured using only Microsoft Graph Token-based authentication.

This is recommended method for securing connection to Microsoft 365.

To switch to token authentication:
1. In the Service portal Navigation pane, select Configuration > M365 Configuration.
2. Click Validate Authentication to ensure current token is valid. Last Authentication Status: Successful is displayed.

3. In the Microsoft 365 Settings screen, click Switch to auth token.

The following dialog is displayed.

4. Enter the email address of the customer administrator to whom you wish to send the invitation.

The following confirmation screen is displayed showing the invitation sent to the customer IT administrator from the Service Provider IT administrator.

5. In the Multitenant interface, open the Customer Invitations screen (see Pending InvitationsView the Customer Invitation sent to the email address entered above.

An email similar to the following is sent to the customer administrator.

6. Click the link sent in the mail to start the authentication process.

7. Click Start authentication.

8. Copy the displayed code to clipboard and then click the link highlighted above.
9. Open the web browser link shown below the Start authentication button.

10. Choose the account of the customer tenant administrator with "Global" permissions or Service Account (see Secure Token Connection).
11. You will be prompted to authenticate your account using Microsoft Authenticator. A screen similar to the following is displayed.

12. Click Continue.

13. Close the above window. The confirmation of the completion of the authentication process is displayed.

14. Close the above window.
15. Return to the Microsoft 365 Settings screen. Note that "Authentication Status:  Successful" is displayed and that the Switch to user/pwd button is displayed.

16. In the Multitenant interface, open the Customer Invitations screen (see Pending Invitations, view the "Created at" and "Expires at" of the claimed token.