The EmpowerID Office 365 connector allows you to add a Microsoft Office 365 domain to the EmpowerID Identity Warehouse as a managed account store. The EmpowerID Office 365 connector uses PowerShell to perform administrative tasks in the connected domain, such as creating and deleting users, mailboxes and groups.
The account that EmpowerID uses to connect to Office 365 must have the ability to create a service principal that allows the application to access your Office 365 tenant’s information. By default, EmpowerID uses an Office 365 account with the Global Admin role to create the service principal. If you do not want to use a Global Admin account, you will need to provide a service principal account with either one of the below permissions (depending on whether the service principal account is to be used for tenant administration):
The service principal can be created in PowerShell. For more information, see Microsoft’s article at https://docs.microsoft.com/en-us/powershell/azure/create-azure-service-principal-azureps?view=azps-3.3.0. Please note that if you choose to provide your own service principal, the account must be maintained by your organization.
You must have an Office 365 Business account with Microsoft, and install the specified versions of the following modules on each EmpowerID server you want to use to manage the domain. If your EmpowerID servers have Windows Azure AD Module for Windows PowerShell and MSOnline Sign-In Assistant installed, you must remove them before installing the required version. You must install the following modules in this order.
Click the Actions tab, and then click the Create Account Store action.
The Add New Security Boundary page appears.
In the Office 365 Details page that appears, supply values for the following fields and click Submit.
myaccount.onmicrosoft.com
If you are using the Account Inbox to provision or join the user accounts in the external directory to Empower Persons, you need to turn on the Account Inbox. This is demonstrated in the below section.
If your Office 365 subscription includes Exchange Online, you can configure EmpowerID to inventory and enforce permissions for Exchange, as well as to perform batch processing for Exchange Online actions. For more information, see Configuring EmpowerID for Exchange Online Management.