Skip to main content
Skip table of contents

App session

A sapio365 App session is offered to users who wish to use an application to connect to Microsoft 365 instead of their user credentials.

Why use an App session in sapio365?

  • An App session won’t need any MFA or to enter a password to run since it will use the application’s secret key to authenticate.

  • This can be useful in strict environment, where MFA has to be provided each time you launch sapio365, forbidding you to set any scheduled Jobs.

‘Access App sessions’ sapio365 role is required

For security reasons, an App session can only be seen and used by users who have been assigned the sapio365 ‘Access App sessions’ role.

  • By default, no one can create, see or use any App session, not even those with a Microsoft 365 global admin role or a sapio365 General Manager role.

  • To set a sapio365 Access App sessions role, you must have a Microsoft 365 global admin role or a sapio365 General Manager role.

  • Creating a sapio365 App session creates a custom-named registered application in your tenant. You can add or remove permissions for this registered app in Azure Active Directory.

MFA and Mailbox Info are not available in App session

PowerShell-based features in sapio365 like loading MFA Info and Mailbox Info are not available in an App session because these require password authentication.

1 - Assign access to App sessions in sapio365 Access & Restrictions

  1. In the main window, click RBAC submenu item ‘sapio365 Access & Restrictions’.

  2. Once in that section, select the entry ‘Access App sessions’ in the grid and click ‘Assign’.

  3. Search and select your account, another user or a group that you wish to give the ability to create App sessions. Click ‘Add to selection’ and click OK to see whoever you’ve selected listed under the role.

assign-access-app-session.jpg

2 - Create an App session

  1. In the ‘back’ of sapio365, go to Recent Sessions.

  2. Click on ‘Create App session’ and follow the prompts. See step-by-step instructions below.

Step-by-step instructions

Create a new application

After clicking on ‘Create App session’, you will see the same dialog as the one to elevate privileges.

  1. Click on ‘Create a new application’.

  2. Name the application. We recommend including the name of the user who will be using it.

  3. Click ‘Proceed’ to give consent to the list of permissions the application needs (recommended), or skip to do it later.

  4. Click on ‘Continue’.

Give consent to permissions

  1. ‘Accept’ to give admin consent to the permissions listed.

  2. Authenticate with your Microsoft 365 credentials.

  3. You should see a ‘Success…’ dialog.

Add the required role for the application

  1. Click ‘Check current status’.

  2. ‘Add the Role', and you’ll see a message that the application has the role. If not, click on ‘Check current status’.

  3. Click ‘Use now’ to switch to this new App session. If you cancel, you can connect to it from your recent sessions list.

create-app-session.jpg

3 - Set on-premises parameters (OPTIONAL)

If your tenant has a hybrid Active Directory, you can enable on-premises access by setting custom on-prem parameters for your App Session.

Editing an App Session and managing on-premises parameters are available only in a User Session of someone who is allowed to create App Sessions.

For security purposes, App Sessions cannot be edited while in an App Session.

  1. In the ‘back’ of sapio365, go to Recent Sessions.

  2. Click on submenu item ‘App session on-prem settings’ to enable on-prem data access, and fill in custom parameters if needed.

on-prem-app-session.jpg

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close