When using CiraSync Enterprise Edition, you will need a Dedicated for CiraSync to manage the Global Address List ( in Office 365 ), , and sync for an entire Office 365 . This guide shows how to create and set up a dedicated service account for CiraSync in both the old and new Office 365 Admin Center.
Why Should I Create a Dedicated Service Account?
The dedicated service account comes with these benefits:
- The password expires periodically when using personal Office 365 credentials: the dedicated service account password can be set to never expire.
- A dedicated service account allows users to freely give and restrict access to specific accounts in the Office 365 tenant.
- The dedicated service account can be disabled without affecting other accounts and functions of CiraSync.
- Access to this account can be given to other users without revealing the account’s password.
Before You Start
- The dedicated service account must be a Global Administrator with the App Impersonation role when you first sign in to CiraSync Enterprise Edition, but after this, the account can be downgraded to a Service Administrator.
- CiraSync will not work if the account is set with multiple factor authentication.
- The service account does not work with single-sign-on.
Creating a Dedicated Service Account with the Old Admin Center
- Launch the Office 365 Admin Center.
- Click on Users > Active users on the left navigation panel. (See figure below.)
- Click + Add a user button.
- Provide a Display Name and a Username for the service account.
- Click Contact Information and fill in the required fields.
- Click Password to a create a password for this new account.
- Click Roles, and then select Global Administrator. NOTE: The Service Account needs to be set as a here.during the setup of CiraSync Enterprise Edition. Once the Service Account has logged into the tenant dashboard, the Service Account can be demoted from the Global Admin role. Learn how to demote the service account
- Click Product Licenses and assign license, if required.NOTE: If you plan to sync Public Folders, you need to assign an Exchange license to the service account. We recommend that you assign the following licenses for the best value: Kiosk for $2.00 per month or Microsoft F1 (or Plan 1) for $4.00 per month. After assigning a license, the service account needs to be granted Reviewer permissions in the Public Folder. Neither of these are required for GAL Sync.
- Click Add.
Creating a Dedicated Service Account with the New Admin Center
Microsoft recently put their new Admin Center on trial. The following instructions are for users who switched to the new Admin Center.
- Launch the Office 365 Admin Center.
- Click on Users > Active Users in the left navigation panel. (See figure below.)
- Click + Add a user button. The Add a User wizard will pop-out on the right side of the window. (See figure below.)
- Fill in the required fields.NOTE: Required fields are marked by a red asterisk.
- Click Let me create the password option under Password settings.
- Create a strong password for the account.
- Click Send password in email upon completion. NOTE: You may change the recipient of the service account password. If you are satisfied, you may move on to Step 8.
- Click Next. You will be taken to Assign product licenses portion of the wizard. (See figure below.)
- Select the location of the service account.
- Select an Exchange License or the Create user without product license option.NOTE: To sync Public Folders with CiraSync, an Exchange license must be assigned to the Service Account, and the Service Account must be given Reviewer permissions for the Public Folder. Neither of these are required for GAL sync.
- Click Next. You will be taken to the Optional settings portion of the wizard. (See figure below.)
- Click Roles. This will expand the User Roles section of the wizard.
- Select Admin center access > Global admin. NOTE: The Service Account needs to be set as a Global Admin during the setup of CiraSync Enterprise Edition. Once the Service Account has logged into the tenant dashboard, the Service Account can be demoted from the Global Admin role. Learn how to demote the service account here.
- Click Next. You will be taken to the Review and finish adding portion of the wizard.
- Review all the information provided to the wizard > Click Finish adding.
Congratulations! You have just created a dedicated service account for CiraSync. Please proceed to Setting Impersonation Mode to Sync to User Mailboxes to complete the CiraSync Enterprise Edition prerequisites.