Setup Guide for Office 356 provisioning | Microsoft 365 Provisioning
Microsoft 365 Provisioning involves the process of creating, updating and deleting a user's account in Office 365 from your miniOrange portal. With miniOrange provisioning feature, you can provision all the users with their identities automatically in Office 365.
By granting users access to Office 365, you can streamline the process of setting up new users and teams, while effectively managing access permissions throughout the user lifecycle. With miniOrange, you can create, read, and update user accounts for both new and existing users, deactivate and remove accounts when needed, and synchronize data seamlessly.
Microsoft 365 User Provisioning and deprovisioning actions are bi-directional, so you can create accounts inside an external application and import them into miniOrange, or alternatively create the accounts in miniOrange and then push them out to any linked external applications.
Microsoft 365 Deprovisioning means deleting a user and removing their access from multiple applications and network systems at once. Deprovisioning action is triggered when an employee leaves a company or changes roles within the organization. The deprovisioning features increase your organization's security profile by removing access to sensitive applications and content from people who leave your organization.
What is SCIM for user provisioning?
System for Cross-domain Identity Management (SCIM) is an open standard to automate user provisioning. SCIM standard is a communication medium between an Identity Provider (IDP) and a Service Provider (SP) that requires user identity information.
SCIM provides a defined schema for representing users and groups, and a RESTful API to run CRUD operations on those user and group resources which is essential part of Provisioning users to Office 365
With the SCIM Protocol, user data is stored in a consistent way and can be shared with different applications. Since data is transferred automatically, complex exchanges are simplified and the risk of error is reduced. You will learn more about Office 365 provisioning in this document below.
Prerequisites
- Prerequisites to provision users in Office 365
- Make sure you have enough licenses in your Microsoft account to be assigned to users.
- If your Office 365 implementation uses Windows Azure Active Directory Sync Service (Azure AD Connect), then please contact miniOrange for further advice.
We will assess your use case and your current setup to determine what could be done to provide you with an optimal solution.
- miniOrange prerequisites
Provisioning & Deprovisioning Scenarios
miniOrange provides Provisioning solutions for all scenarios of user management (provisioning), which includes AD Integration, LDAP Integration and automated provisioning for all External Applications such as Office 365, Google Workspace, Workday, etc
Follow the step-by-step guide given below to setup Office 365 Provisioning
1. Setup Provisioning for Office 365
- Login into miniOrange Admin Console.
- Click on Apps from the left side nav.
- You can create Office 365 application in miniOrange or edit the existing application if already created.
Note: If you are creating a new app, you can skip Configure Microsoft Online Services step which asks you to federate your domain until you import all your users from Office 365.
- Enter your Office 365 Tenant or a verified domain from a tenant. (e.g. acme.com or acme.onmicrosoft.com)
- Click on Grant Administrator Consent.
- Enter your Microsoft Global Admin credentials. (If your domain is federated, you will have to use your default Global Admin with onmicrosoft domain)
- Accept the Permissions requested for your organization and close the window.
- Save your Office 365 application.
- Once you have granted the permissions, we can enable Provisioning features
- Go to Provisioning from the left side nav.
- Select Office 365 / Azure AD from the application dropdown list.
- Assign Office 365 / Azure AD attributes to miniOrange User Profile / Custom Attributes in Attribute Mapping Section.
| Target Attributes |
miniOrange Attribute |
|
| givenName |
DEFAULT USER PROFILE ATTRIBUTE |
First Name |
| surname |
DEFAULT USER PROFILE ATTRIBUTE |
Last Name |
| mailnickname |
DEFAULT USER PROFILE ATTRIBUTE |
Username |
| userprincipalname |
DEFAULT USER PROFILE ATTRIBUTE |
Email Address |
- Enable the provisioning features such as Import User, Create User, Edit User and Delete User which you want for users and click Save.
2. Import Users
- Go to Import Users Tab and select Office 365 / Azure AD from the dropdown. Click on Import to create users in miniOrange.
- Once the import is done. You can view these users in Users >> User List.
3. Create Users
- To create a user in miniOrange and sync the created user in Office 365 / Azure AD, Go to Users >> User List >> click on the Add User button.
- Fill out user basic information and click on Create User button.
4. Edit Users
- To update user profile, Go to Users >> User List.
- Select a particular user and in Actions dropdown select Edit.
- Fill out user updated information and click on Save button.
5. Delete Users
- To delete user, Go to Users >> User List.
- Select a particular user and in Actions dropdown select Delete.
- A pop up will appear in which click on Yes button.
6. Password Sync
- To send password sync emails to the users with link to reset their Office 365 account password, Go to Users >> User List and click on Onboarding Status tab.
- Select users and in Select Action dropdown select Send Activation Mail with Password Reset Link.
- Click on Apply.
- Click on the activation link and it will direct to reset password.
- Once, the new password is set it will be synced.
View Provisioning Reports
How to access Provisioning Reports?
- Navigate to the Reports in the left-hand navigation pane and select Provisioning Report.
- Filter the reports by specifying Enduser Identifier and Application Name criteria. Additionally, choose the desired timespan for the reports. Once done, click on the Search.
- Alternatively, you can directly click on Search to retrieve all provisioning reports based on time without applying any specific filters.
External References
