Use Service Account Username and Password

You can secure the Token connection with the customer Service account by using their account credentials in the Onboarding wizard.

If you wish to secure the Token connection using this method, you must disabled Multi-factor authentication.

Do the following:
1. In the Onboarding wizard click Add New Customer.

Graphical user interface, application Description automatically generated

2. Enter the Full and Short Customer Names.
3. Select either the Hosted Essentials + or Hosted Pro License type.
4. Set the number of required licenses.
5. Select Use M365admin account with known password.
6. Enter the username and password of the customer tenant Service account created in Create Customer Service Account.

7. Click here to start the authentication process.

8. Enter the Service account username and password again.

9. Enter justification for approval request and then click Request Approval. A request is sent to the customer tenant Admin Consent Reviewer account defined in Setup Admin Consent Workflow Permissions.

10. Open the email of the Admin Consent Reviewer account. View an example mail message below.

11. Click Review request.

12. Enter the username and password of the Admin Consent Reviewer account.

You are logged in to the Azure portal of the customer tenant Admin Consent Reviewer account displaying the pending Admin Consent request for the Token registration.

13. Click the request.

14. Click Review permissions and consent.

15. Enter the username and password of the Admin Consent Reviewer account, and then click Accept.

16. Once approved, all entries under My Pending are removed and a confirmation message is displayed.

In addition, An email confirmation message similar to the following is received by the customer Service account.

17. Return to the Onboarding wizard screen, and then click here.

18. A confirmation message is displayed indicating that the Token Invitation wizard has successfully completed; close the browser tab.

19. Reopen the Onboarding wizard ( In the Services page, from the Add Service drop-down, choose Direct Routing) and then click Pending Invitations to confirm that the Authentication process is complete; verify that Status is shown as Authentication Complete (see Pending Requests). You can then click Add to resume the Onboarding (see Onboarding with Hosted Essentials + or Onboarding with Hosted Pro). Note, you can also open the Multitenant interface and navigate to MonitoringService > Pending Invitations. Search for the relevant token and verify that the 'Device Authenticated' field is set to true (see Pending Invitations).

20. Login to the customer Service account on the Azure portal and open the newly created Token registration (Enterprise Applications > <Token-Registration-Name>). In the Navigation pane, select Permissions to view the permissions for the new Enterprise application.

21. Upon the completion of the Onboarding process, you can login to the User Management Pack 365 SP Edition portal (see Accessing the Customer Portal (Direct Routing), and then open the M365 Settings page (see Securing Microsoft 365 Service Provider Access). Notice that the Service account credentials are displayed. You can click Validate Authentication to test the Token connection. A confirmation message is displayed at the top of the screen.