...

Introduction

The Microsoft 365 System Connector enables you to manage the identity and access lifecycle of users, resources and various other objects in the Microsoft 365 cloud. Like any other CoreOne Suite System Connector, this includes functionality to create, read, update and delete users as well as to assign various access rights, such as the assignment of groups, teams and other objects. The target system parameters of the Microsoft 365 System Connector also apply to Exchange Online.

Identity management

There are two types of identity management for this system connector: directly and indirectly managed identities.

...

  1. Identities are provisioned from an HR system into CoreOne Suite. Active Directory and Microsoft Entra ID identities are created.

  2. CoreOne Suite then provisions the identities only into Active Directory.

  3. Microsoft Entra Connect picks up the users and prepares them for synchronization into Microsoft Entra ID.

  4. The AD users are provisioned into Microsoft Entra ID.

  5. CoreOne Suite then matches the UPN of its identities with the Microsoft Entra ID users and creates an Object ID link.
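The Object ID link of step 5 depends on every CoreOne identity UPN resolving to the synced Entra ID user. The following is an added example, not CoreOne Suite code: it checks that link for a constructed list of UPNs and assumes the Microsoft.Graph.Users module with an existing Connect-MgGraph -Scopes 'User.Read.All' session.

```powershell
# Constructed sample input: UPNs as stored on the CoreOne Suite identities.
$CoreOneIdentityUpns = @('alice@contoso.example', 'bob@contoso.example')

function Test-EntraUpnLink {
    param([Parameter(Mandatory)] [string[]] $Upn)
    foreach ($u in $Upn) {
        # OData string literal: a single quote inside the value must be doubled
        $escaped = $u -replace "'", "''"
        $filter  = "userPrincipalName eq '$escaped'"
        # UPNs are unique per tenant, so this returns zero or one user
        $match = @(Get-MgUser -Filter $filter -Property 'Id','UserPrincipalName','OnPremisesSyncEnabled')
        if ($match.Count -eq 0) {
            # Step 5 cannot link this identity: the AD user has not arrived in Entra ID,
            # or the UPN differs between CoreOne Suite and Entra ID
            $status = 'NoEntraUser'; $objectId = $null
        } elseif ($match[0].OnPremisesSyncEnabled) {
            $status = 'Linked'; $objectId = $match[0].Id
        } else {
            # A cloud-only user with the same UPN would be linked instead of the synced AD account
            $status = 'CloudOnlyUser'; $objectId = $match[0].Id
        }
        [pscustomobject]@{ Upn = $u; ObjectId = $objectId; Status = $status }
    }
}

Test-EntraUpnLink -Upn $CoreOneIdentityUpns | Format-Table -AutoSize
```

Rows with status NoEntraUser or CloudOnlyUser are the ones to investigate before relying on the link.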

Prerequisite

This prerequisite can be skipped if you don’t want to provision mailboxes in Exchange Online.

The Microsoft 365 System Connector manages mailboxes in Exchange Online. The ExchangeOnlineManagement PowerShell module must be installed on the server where the System Connector is installed.

Run the following command in Windows PowerShell:

...

For more information, check out the following documentation: https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps&source=recommendations#install-the-exchange-online-powershell-module.

System Identity Types

The following system identity types are supported:

Identity Type | Description
--- | ---
Azure AD User | An Azure Active Directory user

System Identity Attributes

Note

It is important to note that properties of synced users in Azure cannot be set directly on the user object. Instead, these properties must be configured through Group Policy Objects (GPOs) or managed on the on-premises user and synchronized using Entra ID Connect.

Attribute | Type | Example | Description
--- | --- | --- | ---
Password Policies (PasswordPolicies) | String | “DisablePasswordExpiration” | A comma-separated list of values that state how the password policies are set for an identity. “DisablePasswordExpiration”: the password of the identity never expires. “DisableStrongPassword”: the password does not have to fulfill any complexity requirements.
Show In Address List (ShowInAddressList) | Boolean | True | States whether a provisioned identity is shown in the global address list. If set to “True”, the user is shown in the global address list.
Force-Change-Password-On-Next-Sign-In (ForceChangePasswordNextSignIn) | Boolean | True | States whether the user has to change their password the next time they sign in to any Microsoft 365 application. If set to “True”, the password has to be changed during the first sign-in.
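Because PasswordPolicies is a free-form comma-separated string, it is worth checking which relaxations it actually grants. The following is an added example, not CoreOne Suite code: a parser for the attribute values described above plus a tenant-wide audit; Get-MgUser is assumed to come from the Microsoft.Graph.Users module with a Connect-MgGraph -Scopes 'User.Read.All' session.

```powershell
function Get-PasswordPolicyFindings {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [AllowNull()] [AllowEmptyString()] [string] $PasswordPolicies
    )
    # The attribute is a comma-separated list; Graph may also return $null or "None".
    $flags = @()
    if (-not [string]::IsNullOrWhiteSpace($PasswordPolicies)) {
        $flags = @($PasswordPolicies.Split(',') | ForEach-Object { $_.Trim() } |
                   Where-Object { $_ -and $_ -ne 'None' })
    }
    $known   = @('DisablePasswordExpiration', 'DisableStrongPassword')
    $unknown = @($flags | Where-Object { $_ -notin $known })
    [pscustomobject]@{
        UserPrincipalName    = $UserPrincipalName
        PasswordNeverExpires = 'DisablePasswordExpiration' -in $flags
        StrongPasswordOff    = 'DisableStrongPassword' -in $flags   # no complexity rules at all
        UnknownFlags         = $unknown                              # typos silently grant nothing
    }
}

# Tenant-wide audit: only users with at least one relaxation (or an unrecognised flag) are returned.
function Invoke-PasswordPolicyAudit {
    Get-MgUser -All -Property 'UserPrincipalName','PasswordPolicies' |
        ForEach-Object {
            Get-PasswordPolicyFindings -UserPrincipalName $_.UserPrincipalName -PasswordPolicies $_.PasswordPolicies
        } |
        Where-Object { $_.PasswordNeverExpires -or $_.StrongPasswordOff -or $_.UnknownFlags.Count -gt 0 }
}

# Constructed sample values so the parsing can be checked without a tenant:
Get-PasswordPolicyFindings -UserPrincipalName 'alice@contoso.example' -PasswordPolicies 'DisablePasswordExpiration, DisableStrongPassword'
Get-PasswordPolicyFindings -UserPrincipalName 'bob@contoso.example'   -PasswordPolicies 'None'
Get-PasswordPolicyFindings -UserPrincipalName 'carol@contoso.example' -PasswordPolicies 'DisableStrongPasswrd'
```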

System Resource Types

The following system resource types are supported:

Resource Type | Description
--- | ---
Security Group | A regular security group
Distribution Group | A regular distribution group
Office 365 | An Office 365 group
Team | A team used in Microsoft Teams
License | A Microsoft 365 license

Target System Parameters

Whenever you connect a Microsoft 365 system to the CoreOne Suite, you will need to specify the following parameters.

Parameter | Mandatory | Example | Description
--- | --- | --- | ---
Application Identifier | | 4deeecf9-c063-4763-94c6-3db66e4ae679 | The unique identifier of the application generated in the O365 administration panel
Application Certificate Subject | | Microsoft Entra ID App Certificate | The self-signed certificate used for client authentication with Microsoft Entra ID. This certificate must be registered in the administration panel
Domain | | m365x289341.onmicrosoft.com | The Office 365 tenant
Tenant Identifier | | 97b62607-cb86-48ba-9a28-e8e1e7c4c104 | The unique tenant identifier
Tenant Name | | Contoso - Test Tenant | The tenant name
Username (Marked for deprecation) | - | admin@m365x28e341.onmicrosoft.com | The username used to connect
Password (Marked for deprecation) | - | 🔑 * * * * * * * * | The password of the user
Connection URI (Marked for deprecation) | - | https://outlook.office365.com/powershell-liveid/ | The connection URI of the Outlook PowerShell endpoint
Application Secret (Marked for deprecation) | - | 🔑 * * * * * * * * | The secret of the application generated in the administration panel

Note

From version 9.0 onward, the parameters Username, Password, Connection URI, and Application Secret are marked as deprecated.
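With username, password and application secret deprecated, the connector's session to Exchange Online rests on the Application Identifier, the Application Certificate Subject and the Domain. The following is an added example, not CoreOne Suite code, that connects with exactly those three parameters (placeholder values, to be replaced) and verifies the certificate before use; it also covers the prerequisite above by checking that the ExchangeOnlineManagement module is present.

```powershell
# Placeholder values for the three non-deprecated parameters (assumed, replace with your tenant's).
$AppId       = '00000000-0000-0000-0000-000000000000'    # Application Identifier
$CertSubject = 'CN=Microsoft Entra ID App Certificate'  # Application Certificate Subject
$Domain      = 'contoso.onmicrosoft.com'                 # Domain

function Get-ConnectorCertificate {
    param([Parameter(Mandatory)] [string] $Subject)
    # The connector runs as a service, so look in the machine store. App-only auth signs a
    # client assertion with the private key, so a certificate without one is useless here.
    $certs = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) }
    if (-not $certs) {
        throw "No unexpired certificate with a private key found for subject '$Subject'"
    }
    # After a rotation two certificates may carry the same subject; use the one valid longest.
    $certs | Sort-Object NotAfter -Descending | Select-Object -First 1
}

function Connect-ConnectorExchangeOnline {
    if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
        throw 'ExchangeOnlineManagement module is not installed (see Prerequisite)'
    }
    $cert = Get-ConnectorCertificate -Subject $CertSubject
    Write-Host "Using certificate $($cert.Thumbprint), valid until $($cert.NotAfter)"
    # Certificate-based, app-only connection: no user credential or secret involved
    Connect-ExchangeOnline -AppId $AppId -Certificate $cert -Organization $Domain -ShowBanner:$false
    # Minimal read-only check that the session is usable
    Get-EXOMailbox -ResultSize 1 | Select-Object UserPrincipalName
}

Connect-ConnectorExchangeOnline
```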

Identity features

The following identity functions are supported:

System Connector task features | Supported
--- | ---
Create / delete identities |
Provisioning identities |
Update identities |
Provisioning identity updates |
Deprovision identities |
Cleanup of inactive identities | active
Check password changed | active

Resources features

The following resource functions are supported:

System Connector task features | Supported
--- | ---
Create / delete resources |
Provision resources |
Update resources |
Provisioning resource changes |
Deprovisioning resources |
Provisioning resource allocations |
Deprovisioning resource allocations |
Provisioning resource-resource allocations |
Deprovisioning resource-resource allocations |

Cleanup features

The following cleanup functions are supported:

System Connector task features | Supported
--- | ---
Available in the should-actual log |
Should be / actually is cleanup |
Read back account properties |
Resource identity member target system cleanup |
Resource-resource member target system cleanup |