Configuring provisioning for Microsoft 365
Use this task to provision users from Verify to a Microsoft 365 application.
Before you begin
- You must have a Microsoft 365 account with administrator access.
- You must have administrative permission to complete this task.
- Log in to the IBM® Security Verify administration console as an Administrator. For more information, see Accessing IBM Security Verify.
- The following parameters are required to configure user provisioning in Verify:
  - Domain name
  - Client ID
  - Client Secret
About this task
Provisioning provides the following features.
- Create new users
  - Users who are entitled to the Microsoft 365 application through Verify are also created in the Microsoft 365 application if the user account does not exist.
- Delete users
  - When users lose access to the application in Verify, the corresponding user accounts in the Microsoft 365 application are deprovisioned as specified by the deprovisioning policy.
- Modify user profile
  - Updates made to the user's profile through Verify are pushed to the Microsoft 365 application as specified by the Keep value updated setting for each attribute.
- User suspend and restore
  - Suspending a user through Verify deactivates the user and restoring the user through Verify activates the user in the Microsoft 365 application.
- User account synchronization and remediation
  - The Microsoft 365 application supports user account synchronization, remediation, and group synchronization features.
  - User account synchronization fetches all the target application user accounts into Verify and matches the fetched accounts with users in Verify. The adoption policy that is defined on the application specifies the matching attributes for adoption of the synchronized user accounts.
  - A remediation policy can be configured to remediate user accounts with attribute values that differ between Verify and the target application.
  - Verify supports the following three remediation policies:
    - Do not remediate noncompliant accounts automatically.
    - Update Verify account attribute values with the target application values.
    - Update target application account attribute values with Verify values.
  - Group synchronization fetches all the target application groups into Verify.
- Fine-grained entitlement
  - Group and supporting data synchronization fetches all the Microsoft 365 endpoint groups, administrative roles, and Microsoft 365 licenses into Verify. This supporting data is represented as permissions in Verify and can be assigned to users and groups. Microsoft 365 licenses contain service plans that can be added to the user. Each such license service plan is fetched and represented as an individual permission in Verify.
    For example, the O365_BUSINESS_PREMIUM license contains plans like PROJECT_O365_P2, DYN365_CDS_O365_P2, MYANALYTICS_P2. These permissions are available individually for assignment and appear with names such as O365_BUSINESS_PREMIUM.PROJECT_O365_P2, O365_BUSINESS_PREMIUM.DYN365_CDS_O365_P2 and O365_BUSINESS_PREMIUM.MYANALYTICS_P2.
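The account synchronization, adoption and remediation behaviour described above, as a conceptual Python model. This is an added example, not IBM Security Verify code or its API; the function and attribute names, the case-insensitive match on email, and the sample accounts are assumptions constructed for illustration.

```python
# Conceptual model only: hypothetical names and constructed data, not Verify's API.
from enum import Enum

class Remediation(Enum):
    NONE = "do not remediate noncompliant accounts automatically"
    UPDATE_VERIFY = "update Verify values with target application values"
    UPDATE_TARGET = "update target application values with Verify values"

def synchronize(verify_users, target_accounts, match_attr, policy):
    """Adopt fetched target accounts by match_attr, then apply the policy.

    Returns (adopted, orphans, drift). Orphans are target accounts that no
    Verify user matches; drift maps the matching key to
    {attribute: (verify_value, target_value)} for values that differ.
    """
    # Assumption: the matching attribute is compared case-insensitively.
    index = {u[match_attr].lower(): u for u in verify_users if u.get(match_attr)}
    adopted, orphans, drift = [], [], {}
    for acct in target_accounts:
        key = (acct.get(match_attr) or "").lower()
        user = index.get(key)
        if user is None:
            orphans.append(acct)  # no owner in Verify: candidate for review
            continue
        adopted.append(key)
        diffs = {a: (user[a], acct.get(a)) for a in user
                 if a != match_attr and user[a] != acct.get(a)}
        if not diffs:
            continue
        drift[key] = diffs  # noncompliant account, recorded under every policy
        if policy is Remediation.UPDATE_VERIFY:
            user.update({a: t for a, (_, t) in diffs.items()})
        elif policy is Remediation.UPDATE_TARGET:
            acct.update({a: v for a, (v, _) in diffs.items()})
    return adopted, orphans, drift

def sample():
    # Constructed sample data: Verify users and fetched target accounts.
    verify = [{"email": "ana@example.com", "department": "Finance"},
              {"email": "raj@example.com", "department": "IT"}]
    target = [{"email": "Ana@example.com", "department": "Sales"},
              {"email": "raj@example.com", "department": "IT"},
              {"email": "svc-backup@example.com", "department": "IT"}]
    return verify, target

if __name__ == "__main__":
    v, t = sample()
    adopted, orphans, drift = synchronize(v, t, "email", Remediation.UPDATE_TARGET)
    print(adopted, [o["email"] for o in orphans], drift)
```

Unmatched target accounts and drifted attributes are the two outputs worth reviewing after a synchronization, whichever remediation policy is selected.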