In order to give RBAC delegates access to a tenant and to an on-prem Active Directory (hybrid tenants), you will need to set up valid credentials for a role.

If you want to manage more than one tenant through sapio365 RBAC roles, create a set of credentials to access each environment.

The steps that follow include the creation of:

  • A delegated user/service account

  • A registered application*

  • Configuration of PowerShell credentials

*The registered application in your Azure AD created automatically by sapio365 includes the highest permissions for maximum access. You can restrict this application by removing permissions that you may deem unnecessary for the roles that you will use with this credential set.

In the sapio365 tab of the main window, go to ‘RBAC – Configuration’ and set up the credentials to use for the roles you will create. You can also clone an existing set of credentials.

Step 1 - Enter a unique name and description for the credentials you’re setting up. If you’re using sapio365 RBAC to manage several tenants, you’ll need to do this for each tenant.

Step 2 - We recommend that you create a new, RBAC-dedicated user and a new registered application.

Note that the new user will be added to a global admin role, and does not require assignment of any Microsoft 365 license for sapio365 RBAC.

Click on the button ‘Create New Admin & Application’. Confirm by clicking on OK.

(Optional) You can use credentials of an existing global admin and application by filling out the related fields, and entering the target tenant. If consent was already given, you will not need to do it again.

Step 3 - Consent to the permissions of the applications. You must be a global admin to do so.

Step 4 - (Optional for hybrid tenants) Add connection information for accessing the local on-prem Active Directory (AD) connected to the tenant the same way as you would connect to on-prem AD in a sapio365 session. Make sure to toggle ‘Use On-Premises?’ to 'True' before clicking OK.

Clone credentials

Use an existing set of credentials to prefill the fields of a new one.

Select and right-click, and click on ‘Clone Credential’.

Then you can edit field values by “unlocking” them first.

Edit credentials

Edit an existing set of credentials by selecting one and clicking on 'Edit'. You can edit fields by unlocking them first.

Delete credentials

Select one or more sets of credentials to delete them with the ‘Delete’ button. You will be asked for confirmation to avoid mistakes.