Select Page
Home > Support Articles > IT Management > Securing the CiraSync Service Account
Share on share on Facebook share on Twitter share on Facebook share by email

For CiraSync Enterprise Edition, we recommend that users create a dedicated service account to serve as the Global Administrator for CiraSync. The service account does not have to be Global Administrator beyond the first login. The account can be demoted to a Service Administrator in Office 365 while still offering the same functionality of granting and authorizing consent for CiraSync.

Furthermore, CiraSync is a Microsoft Azure application that uses the Daemon service. This means that a Global Administrator grants consent and CiraSync receives this access as a token. This token allows the CiraSync service account dashboard management to authorize sync tasks and pushing new and updated information to user mailboxes.

 

Steps

    1. Create a secure service account login.
        • Create a strong 16-character password for the service account. For example, @bE6CwqCW!1l0nw6.
        • Use an account login name that would be hard to guess. For example, Secure-A-Sync. Read more on how to create a secure login name here.
        • Do not reuse this account for any other software or application.
        • Do not log in to this account to manage the CiraSync dashboard. You can set up role-based administration for your users, so they can manage the dashboard using their own Office 365 identities.
    2. Set up multi-factor authentication (MFA) for your CiraSync tenant.
    3. Make CiraSync use the service account for authentication and syncing purposes.
    4. Demote the CiraSync Service Account from the Global Administrator Role to the Service Administrator role. This can only be done after logging in to the CiraSync dashboard once with the service account.