Skip to content

The-MSP-KB/Public_Docs_New

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SUMMARY.md
SUMMARY.md
 
 

Repository files navigation

Page

Rewst User Setup and GDAP Relationship Guidance

Step by Step

Introduction

This guide specifically goes over the following:

  • Creating the Rewst service account user.
  • Creating the Rewst groups that GDAP permissions will be assigned to.
  • Adding the Rewst user to the AdminAgents group.
  • Creating a new admin relationship with the roles specifically required by Rewst. (Depending on your current GDAP relationship setup(s) this may not be necessary as long as your relationship contains the right roles and groups are available with the necessary permissions for the user)

Other applications/your technicians might need additional roles added to the relationship. Adding new roles after the relationship has been created requires recreating the relationship.

  • Adding the Rewst group to the admin relationship.
  • Adding the roles for the Rewst group in the admin relationship.

Below are the manual steps for completing this task

Azure Active Directory (In Partner Tenant)

  1. 1.Login to Microsoft Entra ID.
  2. 2.Navigate to Users.

  1. 3.Click New UserCreate User.

  1. 4.Provide the user principal name.
    • example: rewst
  2. 5.Provide a display name.
    • example: Rewst Integration
  3. 6.Provide a password.
    • document this for later usage
  4. 7.Click Next: Properties.

  1. 8.Click Next: Assignments.
  2. 9.Click Add Role while under the assignments tab.
  3. 10.Search for Global Administrator in the role selection.
  4. 11.Select the Global Administrator role.

Note: This role is required for installing the Enterprise Applications used when Rewst first authorizes.

  1. 12.Click Select.

  1. 13.Verify the role is now listed in the main pane.
  2. 14.Click Next: Review + Create If the role is there.
    • Verify the information is correct on the Review + Create page.
  3. 15.Click Create.
  4. 16.Navigate back to Microsoft Entra ID.
  5. 17.Click Groups.
  6. For each of the groups in our recommend roles, create a new group. We recommend calling them "Rewst GDAP Role Name", for example "Rewst GDAP Application Administrator"

  1. 19.Select Security for Group type.
  2. 20.Enter Rewst – GDAP Rolename for the group name.
  3. 21.Enter Rewst GDAP Permissions Group for the group description.
  4. 22.Set Microsoft Entra roles can be assigned to the group to Yes.
  5. 23.Click on No members selected.
  6. 24.Select the Rewst account created in the previous steps in the new pane type in Rewst.
  7. 25.Click Select.

  1. 26.Select Yes when prompted with the following:
    • "Creating a group to which Microsoft Entra roles can be assigned is a setting that cannot be changed later. Are you sure you want to add this capability?"

It is also necessary to add the user to the ‘AdminAgents’ group on the group's page as well after the previous steps are done.

Partner Center

  1. 1.Navigate to the Microsoft Partner Center.
  2. 2.Click on Customers once on the Partner Center home page.

  1. 3.Click on the name of the customer you would like to create the admin relationship for once the customer list loads.

  1. 4.Click on Admin Relationships in the left nav pane once in the customer page.

  1. 5.Press Request for new admin relationship once on the relationship page.
  2. 6.Provide a name for the admin relationship.

Note: This value must be unique per relationship/customer.

  1. 7.Provide a duration.
    • max is 730 days
  2. 8.Click Select Microsoft Entra Roles.

  1. 9.Select the roles listed in Recommended Roles for GDAP.

Note: The list is not in alphabetical order and it is recommended that you use CTRL + F to search the page to make finding the roles easier.

  1. 10.Click the Save button once all roles are selected.
  2. 11.Click Finalize Request once you've verified all the roles you selected are listed.

You will be redirected to a page that shows the request.At this point, your customer will need to accept the request or you will need to log in as a global administrator on the tenant to accept the request using the link in the Click to review and accept section.

  1. 12.Click Done.

Once the request has been approved the admin relationship will be established.

  1. 13.Verify that the relationship is established by returning to the Admin Relationships page and confirming the status is active.
  2. 14.Click on the relationship name if the status is Active.

This will bring you to the page that shows all the available roles in the relationship and the list of available security groups.

  1. 15.Click Add security groups.

  1. 16.For each of the groups create a mapping to the relationship. For example "Rewst GDAP Application Administrator" is matched to "Application Administrator"

  1. 17.Click Next.
  2. 18.Select the roles required for Rewst in the relationship as per Recommended Roles for GDAP.

  1. 19.Click Save.
  2. 20.Wait for the status to change to Active (manual page refresh is needed).

These steps will need to be performed for each customer (creating the admin relationship/assigning the group to the relationship/assigning the roles to the group in the relationship)blah blah blah

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •