Introduction
The Microsoft 365 System Connector enables you to manage the identity and access lifecycle of users, resources and various other objects in the Microsoft 365 cloud. Like any other CoreOne Suite System Connector, this includes functionality to create, read, update and delete users as well as to assign various access rights, such as memberships in groups, teams and other objects. The target system parameters of the Microsoft 365 System Connector are also applied to Exchange Online.
Identity management
There are two types of identity management for this system connector: directly and indirectly managed identities. The indirectly managed flow works as follows:
...
1. Identities are provisioned from an HR system into CoreOne Suite; Active Directory and Microsoft Entra ID identities are created.
2. CoreOne Suite then provisions the identities only into Active Directory.
3. Microsoft Entra Connect picks up the users and prepares them for synchronization into Microsoft Entra ID.
4. The AD users are provisioned into Microsoft Entra ID.
5. CoreOne Suite then matches the UPN of its identities with the Microsoft Entra ID users and creates an Object ID link.
Prerequisite
This prerequisite can be skipped if you don't want to provision mailboxes in Exchange Online.
The Microsoft 365 System Connector manages mailboxes in Exchange Online. To do so, the ExchangeOnlineManagement PowerShell module must be installed on the server where the System Connector is installed.
Run the following command in Windows PowerShell:
...
For more information, check out the following documentation: https://learn.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps&source=recommendations#install-the-exchange-online-powershell-module.
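The following script is an added example, not part of the CoreOne Suite documentation or product: it checks whether the ExchangeOnlineManagement module is present on the connector server, installs it machine-wide from the PowerShell Gallery if it is missing, and confirms that the cmdlet used for certificate-based sign-in is exported. It assumes the server can reach the PowerShell Gallery and that the session is elevated (required for `-Scope AllUsers`).

```powershell
# Added example (not CoreOne Suite code): verify or install the ExchangeOnlineManagement
# module on the server that hosts the Microsoft 365 System Connector.
$moduleName = 'ExchangeOnlineManagement'

# Pick the newest installed version, if any.
$installed = Get-Module -ListAvailable -Name $moduleName |
    Sort-Object Version -Descending | Select-Object -First 1

if (-not $installed) {
    Write-Host "$moduleName not found, installing from the PowerShell Gallery..."
    # Older Windows builds default to TLS 1.0/1.1, which the gallery rejects.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # AllUsers scope: the connector runs as a service account, not as the admin installing it.
    Install-Module -Name $moduleName -Scope AllUsers -Force
    $installed = Get-Module -ListAvailable -Name $moduleName |
        Sort-Object Version -Descending | Select-Object -First 1
}

Write-Host "$moduleName version $($installed.Version) is available at $($installed.ModuleBase)"

# The connector authenticates app-only with a certificate, so Connect-ExchangeOnline must be exported.
if (-not (Get-Command -Module $moduleName -Name Connect-ExchangeOnline -ErrorAction SilentlyContinue)) {
    throw "Connect-ExchangeOnline is not exported by $moduleName; check the installed version."
}
```

Installing with `-Scope AllUsers` matters because the System Connector runs under a service account; a module installed only for the administrator's profile (`-Scope CurrentUser`) is invisible to that account.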
System Identity Types
The following system identity types are supported:

| Identity Type | Description |
|---|---|
| Azure AD User | An Azure Active Directory user |
System Identity Attributes
| Note |
|---|
| Properties of synced users in Azure cannot be set directly on the user object. Instead, these properties must be configured through Group Policy Objects (GPOs) or managed on the on-premises user and synchronized using Entra ID Connect. |
| Attribute | Type | Example | Description |
|---|---|---|---|
| Password Policies (PasswordPolicies) | String | "DisablePasswordExpiration" | This attribute holds one or more values (separated by ",") that state how the password policies are set for an identity. "DisablePasswordExpiration": the password of the identity never expires. "DisableStrongPassword": the password does not have to fulfill any complexity requirements. |
| Show In Address List (ShowInAddressList) | Boolean | True | States whether a provisioned identity is shown in the global address book. If set to "True", the user is shown in the global address book. |
| Force-Change-Password-On-Next-Sign-In (ForceChangePasswordNextSignIn) | Boolean | True | States whether a user has to change their password as soon as they sign in to any Microsoft 365 application. If set to "True", the password has to be changed at the first sign-in. |
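Because `PasswordPolicies` is a comma-separated string and the weakening values ("DisablePasswordExpiration", "DisableStrongPassword") are easy to overlook, the following added example (not CoreOne Suite code) reads the attributes from the table back from Microsoft Entra ID and reports which users carry them. It assumes the Microsoft Graph PowerShell SDK (`Microsoft.Graph.Users` module) is installed and that the signed-in account holds the `User.Read.All` permission; the helper name `ConvertFrom-PasswordPolicies` and the output file name are the example's own choices.

```powershell
# Added example (not CoreOne Suite code): audit PasswordPolicies and ShowInAddressList
# across the tenant using Microsoft Graph PowerShell (assumed to be installed).
Import-Module Microsoft.Graph.Users

# Turn the comma-separated PasswordPolicies string into a clean list of values.
function ConvertFrom-PasswordPolicies {
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return @() }
    return ($Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

Connect-MgGraph -Scopes 'User.Read.All' -NoWelcome

# These properties are not part of Graph's default user projection, so request them explicitly.
$users = Get-MgUser -All -Property Id,UserPrincipalName,PasswordPolicies,ShowInAddressList,OnPremisesSyncEnabled

$report = foreach ($u in $users) {
    $policies = ConvertFrom-PasswordPolicies -Value $u.PasswordPolicies
    [pscustomobject]@{
        UserPrincipalName   = $u.UserPrincipalName
        SyncedFromOnPrem    = [bool]$u.OnPremisesSyncEnabled   # such users must be fixed on-premises (see note above)
        PasswordNeverExpires = $policies -contains 'DisablePasswordExpiration'
        WeakPasswordAllowed  = $policies -contains 'DisableStrongPassword'
        HiddenFromAddressList = ($u.ShowInAddressList -eq $false)
    }
}

# Surface only the accounts whose password policy was weakened.
$findings = $report | Where-Object { $_.PasswordNeverExpires -or $_.WeakPasswordAllowed }
$findings | Format-Table -AutoSize
$findings | Export-Csv -Path '.\password-policy-findings.csv' -NoTypeInformation

Disconnect-MgGraph | Out-Null
```

The `SyncedFromOnPrem` column is there because, as the note above explains, a weakened policy on a synced user cannot be corrected on the cloud object; the remediation has to happen on the on-premises account and flow through Entra ID Connect.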
System Resource Types
The following system resource types are supported:

| Resource Type | Description |
|---|---|
| Security Group | A regular security group |
| Distribution Group | A regular distribution group |
| Office 365 | An Office 365 group |
| Team | A Microsoft Teams team |
| License | A Microsoft 365 license |
Target System Parameters
Whenever you connect a Microsoft 365 system to the CoreOne Suite, you will need to specify the following parameters.

| Parameter | Mandatory | Example | Description |
|---|---|---|---|
| Application Identifier | ✅ | 4deeecf9-c063-4763-94c6-3db66e4ae679 | The unique identifier of the application generated in the O365 administration panel |
| Application Certificate Subject | ✅ | Microsoft Entra ID App Certificate | The self-signed certificate used for client authentication with Microsoft Entra ID. This certificate must be registered in the administration panel |
| Domain | ✅ | | The Office 365 tenant |
| Tenant Identifier | ✅ | 97b62607-cb86-48ba-9a28-e8e1e7c4c104 | The unique tenant identifier |
| Tenant Name | ✅ | Contoso - Test Tenant | The tenant name |
| Username (Marked for deprecation) | - | | The username to connect with |
| Password (Marked for deprecation) | - | 🔑 * * * * * * * * | The password of the user |
| Connection URI (Marked for deprecation) | - | | The connection URI of the Outlook PowerShell endpoint |
| Application Secret (Marked for deprecation) | - | 🔑 * * * * * * * * | The secret of the application generated in the administration panel |
| Note |
|---|
| From version 9.0 onward, the parameters Username, Password, Connection URI, and Application Secret are marked as deprecated. |
Identity features
The following identity functions are supported:

| Function | Supported |
|---|---|
| Create / delete identities | ✅ |
| Provisioning identities | ✅ |
| Update identities | ✅ |
| Provisioning identity updates | ✅ |
| Deprovision identities | ✅ |
| Cleanup of inactive identities | ✅ |
| Check password changed | ✅ |
Resource features
The following resource functions are supported:

| Function | Supported |
|---|---|
| Create / delete resources | ✅ |
| Provision resources | ✅ |
| Update resources | ✅ |
| Provisioning resource changes | ✅ |
| Deprovisioning resources | ✅ |
| Provisioning resource allocations | ✅ |
| Deprovisioning resource allocations | ✅ |
| Provisioning resource-resource allocations | ✅ |
| Deprovisioning resource-resource allocations | ✅ |
Cleanup features
The following cleanup functions are supported:

| Function | Supported |
|---|---|
| Available in the expected/actual comparison log | ✅ |
| Expected/actual cleanup | ✅ |
| Read back user account properties | ✅ |
| Resource-identity assignments target system cleanup | ✅ |
| Resource-resource assignments target system cleanup | ✅ |