As our system is a companion to Office365, and Office365 uses Azure Active Directory (AAD) for user authentication, this document is not relevant to end customers as they will have an AAD account.
Some partners may sell the service to customers, but not themselves have a Microsoft AAD tenant. This document describes how to get one and how to manage users.
1 Setting up Azure Active Directory Tenant
In Microsoft terminology, a Microsoft Account is personal and a work or school account is for business. You need to create a work or school account, and this will also create an AAD tenant that you can use to create more work users.
- Browse to signup.microsoft.com
- Click “Create a work or school account”
- Click “Don’t have a work email”
- Fill in the form about you and your business, and click next
- Create a username and select a domain, then click next. The form will tell you if the domain you want is already taken – perhaps somebody else has already created an AAD with that domain.
- Complete the verification process
2 Create more users
- Browse to admin.microsoft.com
- On the menu on the list, click Users then Active Users.
- Click Add a user.
- Fill in the form, picking a username in the domain of your AAD tenant. Check the box next to Send password in email upon completion and enter the user’s real work email address in the box. Microsoft will email them their new username and password so that you don’t have to.
- Select Create user without product license
- Complete the remainder of the user creation wizard with the default values
3 Invite the user to associate with your connector service account
- Browse to your admin page
- If you see the My Customer Portal link at the top then click it, otherwise skip this step
- Click on the Account menu at the top
- Click on the Invite Administrative User button. The email address should be the real work email address, not the AAD username. Roles are as follows:
a. Account Administrator – this is the only role that can grant access to other users, and it can also view and edit customer data
b. Service Contributor – this is a support agent role where customer data can be edited but no commercial transactions can be undertaken
c. Service Viewer – as above, but read-only
d. Subscription Contributor – this role will give access to create child customer accounts. In future it will allow placing orders via the portal.