Activating the Integration with Microsoft Cloud Services
- Apostolos Karakaxas
- Niki Rousaki
- Athanasia Kourti
For activating in your BSS the integration we have with Microsoft Cloud Services, you must give to our application the consent to call Microsoft APIs on your behalf.We have registered interworks.cloud platform as a Vendor application in Microsoft systems and this page describes how you will give activate in your BSS our Microsoft service manager by giving your consent to your application.
Activation Prerequisites
For activating our Microsoft service manager, you must first register in your Microsoft system a Web app and to have also a global admin user with MFA enabled.
Getting Authentication Credentials for your Primary Partner Center Account
This account is where you create real orders for real customers. If you make any changes or transactions when you have activated the integration using this account, they will be treated by Microsoft as official orders for real customers. They will be reflected in your invoice, and your company will responsible for paying for them. For getting your authentication credentials, do the following:
- Sign into Partner Center with your primary admin account.
Select the gear icon at the top right corner, go to Account Settings, then App Management.
- Select an existing app or create a new app with default settings. Existing apps show up only if the Azure AD account has existing apps. Click Register App.
- On the confirmation page, copy the app registration information, especially the Key, and store it in a safe place.
Create a Global Admin User with MFA Enabled
To provide your consent to our platform, you must first create a user with the Global Admin Agent role.
Please follow the steps below to complete this process:
Select the gear icon at the top right corner, go to Account Settings, and then choose User Management.
Click Add user.
Fill in the required user information for all mandatory fields.
Activate the checkbox Assists your customers as and select the option Admin Agent.
Click Save.
Then, for this user you must enable MFA:
Login to https://portal.azure.com and navigate to Microsoft Entra ID > Users.
- Select the option Multi-Factor Authentication.
- Define the service settings.
- Select your admin user and press Enable.
For more details, please check the resource below:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted.
Activating the MS Cloud Services in Cloud BSS
For activating the automatic provisioning of MS cloud services, you should:
- Fill in the initial set of properties that will help us identify your CSP account.
- Give to our platform your consent
- Complete the rest options necessary for the management and the provisioning of the Microsoft Office 365 plans.
Enter your Web App Keys
Fill in the following properties:
- Navigate to BSS Setup > Administration > System Options > Applications Setup and select the settings for the MS Cloud Services.
- Fill in the credentials form:
- API URL: The CREST API run at URL Microsoft Global for all countries except Germany that you have to use Microsoft Germany.
- Tenant name: This is your organization default domain. You can find you default domain in Partner Center > Dashboard > Account Settings > App Management.
- App ID, Key and Account ID: These are the credentials of your primary partner center account and they are accessible via the API section in Account Settings
- CSP Status: Define in this field if you are and indirect or direct CSP. This field is required for complying with Microsoft rules for the Partner-On-Record (POR) subscription field.
- If you define that you are direct CSP, we will provision all subscriptions in Microsoft system with empty POR since this field must always be empty for Microsoft to include this subscription for the calculation of Direct CPS rebates.
If you define that you are an indirect CSP, we will set in POR subscription field the MPN ID of your indirect reseller that placed the order.
- If you define that you are direct CSP, we will provision all subscriptions in Microsoft system with empty POR since this field must always be empty for Microsoft to include this subscription for the calculation of Direct CPS rebates.
- The authorization link field is deprecated. From release 3.281.9 we generate this link automatically and you no longer need to define it here.
- API URL: The CREST API run at URL Microsoft Global for all countries except Germany that you have to use Microsoft Germany.
- Save the form.
Give your Consent to interworks.cloud platform
Initially, every Microsoft instance you register in your BSS is not authenticated. For authenticating your instance, you should give to our platform your consent:
- Select the "Authenticate Instance" action for the consent process to be initiated.
This button will redirect you to Microsoft login page. You must log in using a global admin user with the MFA option enabled.
- A pop-up will be displayed which will ask you to give access to interworks.cloud platform
- After giving your consent, you will be directed back to BSS. The status will turn to "Instance is authenticated" and the consent process will be completed
Define the Catalogue & Provisioning Options
After completing successfully the consent process, continue by defining the rest options:
Authorization Link. Your authorization link must be sent to an Office 365 existing tenant in order to accept you as his Microsoft Cloud Solutions Provider (CSP). This link will be used for automating the process for Ordering for an Existing Office 365 Tenant.
- Catalogue Language and Countries. These fields are for preparing the system for the automatic update of the Microsoft cloud services catalog. For more details, please check Prepare for Automatic Update of MS Cloud Services Catalogue
- Product Names. This field is for defining if you want the names of the Office 365 products to be updated automatically every time the Get Services Definition action runs. If you select the option "Continuously update names", all your Office 365 product will always have the naming convention Microsoft is using.
- Provisioning of Annual Subscriptions. check Enabling the Annual Billing Option for understanding what this option is about.
Setup your Sandbox Account
For testing the integration between interworks.cloud Platform and Microsoft Cloud Services, we suggest using the sandbox account Microsoft offers for testing its CREST API. Changes and transactions you make when you are signed into the integration sandbox account will not appear in your invoice.
The integration sandbox account and the primary account act independently and do not share admin accounts, user accounts, customers, orders, subscriptions, or other data.
The integration sandbox supports transactions with a limited number of customers, orders, subscriptions, seats, etc.
By policy, integration sandbox accounts are for integration testing purposes only.
By default, there is not an integration sandbox account set up. You must create one yourself:
- Sign-in into Partner Center with your primary Partner Center account.
- From the Dashboard menu, select Account settings, then Integration sandbox. If you don't see an Integration sandbox option, you might not have an admin agent account, or the integration sandbox has already been set up and you're using an integration sandbox account.
- Fill in the contact information for the integration sandbox admin account, and then click Set up account.
- After you see the confirmation message, sign out of Partner Center, then sign back in with your new integration sandbox admin account, in the formusername@domain and with the password you just specified.
- Accept the Microsoft Cloud Reseller Agreement. There is a pause of several minutes while the integration sandbox account is configured.
- After your account is set up, you must enable API access by following the process we described in the previous paragraph for the primary account.
Testing Services Automation Using Sandbox Account
For using your sandbox account along with our platform, you must follow the instructions explained in paragraph "Activating the MS Cloud Services in Cloud BSS" but using sandbox's account authentication credentials instead of the credentials of your primary account.
When you are done with your testing, you can switch back to primary account credentials for going live.