The Service Account setting allows IS2 Admins to maintain a single connection to Office365 to sync emails and to manage service account users. Maintaining a single connection prevents the annoyance of per user re-connects and pauses in data capture. If an organization requires regular password resets, maintaining one connection will prevent each individual user from having to reconnect after each mandatory password change.
🔐 Use Service Account is available to Admin only. 🔐
What permissions does the Office365 admin need to connect via service account?
They need to be an Azure admin of their Microsoft team and have access to their team's Microsoft Azure admin portal. (Microsoft Azure Global Admin)
Setting Up Service Account for Office 365
Identify the Microsoft Azure Global Admin email address for your organization’s Microsoft 365 account (this is typically a system administrator email or head of IT’s email address).
Log in to the administrator’s Azure portal at https://portal.azure.com/ and navigate to “Home > Enterprise applications > User Settings” under: https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/UserSettings
Under admin consent requests, select “Yes” and add IS2 admin users who can provide Azure admin consent (typically the Global Administrator). This user will need to be the Primary user in the IS2 Office 365 integration*. Save changes.
*Note: To determine if a user is listed as "Primary" in the Office365 integration, look at the list of users in the next step under User Management, "Primary" will be listed next to a Primary user. If the user is not primary, click the three dots next to their name and select "Set as Primary User".
Navigate to the IS2 Platform. Click on Settings in the left nav, select All Integrations, open the Office 365 Integration and navigate to the User Management tab. If the Microsoft Azure Global Admin’s email address is not already added on your User Management page within InsightSquared, add that user and set them up as an IS2 Admin and as the Primary User. To set someone as primary, click the three dots next to a user in the list and select "Set as Primary User".
Set as Primary User:
Listed as Primary User:
Have that user accept their email invitation to log in to InsightSquared, then have that individual complete the steps below.
Under User Management, take note of any existing user connections that are disabled. Once switched to a service account those should go away.
IS2 Admin with Azure permissions should open the Office 365 integration from applications, navigate to Connection Settings and click on "Use Service Account". Save changes.
Under "My Connection" the IS2 admin with Azure permissions should set up their connection. If a connection already exists, delete and reactivate the connection.
You should get redirected to a URL that looks like this: https://login.microsoftonline.com/organizations/v2.0/adminconsent that prompts the user for admin consent.
Note: Only the admin of the organization's Microsoft account is authorized to accept this. Otherwise, you’ll see a message like this:
You should be redirected back to the app and subsequent syncs of any already connected users should go through the service account flow.
Navigate to "User Management" and click on " + add/edit" to connect Platform users to the O365 integration.
Using the dropdown, select the emails of the Platform users you wish to include and toggle the left button to connect and sync their emails.
Optional: If you want to add a different email for a user, go to “Team Profile > User Management” and click on the user. Under "Email Aliases'', add the email you want to sync (find more instructions on Email Aliases here). Once an alias is created, you can select this email in the connected email dropdown.
If you are setting up the integration for the first time, you're good to go! If you are switching to the service account (previously used this integration without service account enabled), click here for next steps.
Insufficient Privileges/Authorization Identity Not Found
If you see the following errors:
Insufficient privileges to complete the operation
Authorization identity not found
Complete the following steps:
Login to the Microsoft Azure Global Admin's Azure portal at https://portal.azure.com/
Navigate to “Enterprise applications”, https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps
Here, you should see the InsightSquared application; click on the application and navigate to “Permissions” from the left navigation menu and click “Grant Admin Consent”.
Accept the permissions and navigate back to our Platform.
If there’s still a connection for the Microsoft Azure Global Admin in IS2 (the primary user) delete it and click “Activate” to set up the connection again. Make sure to use the same email with which admin access was granted in the Azure portal.
You should get redirected back to the Platform with a working connection. If you still see an “Insufficient privileges” error, wait 30 seconds and refresh the page.
Unable to Find a User Matching [email]
If you see an error “Unable to find a user matching email@example.com”, this indicates that the user does not have their Outlook account set up correctly.
If you run into any issues, please contact support.