How to Set Up a Global Admin Service Account for Office365 in CiraSync

Updated on Sep 1, 2023 Tags: IT Management Support Articles

To manage GAL and public folder contact sync for Office 365 tenants, CiraSync needs both Global Admin permissions and the Application Impersonation role.

You can make a dedicated Azure/Office 365 account for this.  If you are only using the GAL Sync feature, the account does not need to be a licensed user, so this procedure won’t incur any additional charges from Microsoft. If you are reading from a public folder, you won’t be able to assign “reviewer” permissions to the service account unless it is mail-enabled. We use “Exchange Online Kiosk” for this since it is the least expensive mail-enabled account you can buy.

The benefits of making a dedicated Azure Account are as follows:

  • If you use your own Office 365 credentials, you will need to change the password periodically.  The dedicated account can have a super strong password, and you can set it to never expire.
  • As with any third-party application accessing your tenant, it is convenient to give the exact permissions required to run the software.
  • You can disable this account without affecting anything else
  • It is self-documenting regarding the purpose of the account, and you can delegate management to a coworker without revealing your own password.

If you are going to support 10 or more users with CiraSync, we recommend following these steps to set up this dedicated account and perform public folder contact sync for Office 365:

1) Launch the Office 365 Admin Center and choose Edit a User

Editing user in Office 365 Admin Center

2) Edit the user that will be used to setup CiraSync Enterprise Edition

User setting up CiraSync Enterprise Edition

3) Verify that this user is a Global Administrator. This is required.

Verifying Global Administrator

4) From the Admin Center, choose Exchange

Admin Center for CiraSync Enterprise Edition

5) From the permissions menu, choose Admin Roles

Admin Roles for CiraSync Enterprise Edition

6) Hit the plus symbol to add a new Admin Role

New Admin Role in CiraSync Enterprise Edition

7) Create a new admin role called App Impersonation

8) Click the plus symbol and select ApplicationImpersonation

New admin Role for App Impersonation

9) Add the CiraAdmin account (same one selected in step 2)
You are now ready to launch the CiraSync Enterprise Edition setup for your Office 365 tenant and public folder contact sync for Office 365

Set up and start syncing contacts to business smartphones in less than 5 minutes.

Try for Free

vern-weitzman

CTO and Founder of Cira Apps Limited. I have been building Exchange applications and related contact management for 15 years.