When using CiraSync Enterprise Edition, you will need a Dedicated Service Account in Office 365 for CiraSync to manage the Global Address List (GAL), Public Folder, and Shared Mailbox sync for an entire Office 365 tenant. This guide shows how to create and set up a dedicated service account for CiraSync.
Why Should I Create a Dedicated Service Account?
It is a required step when upgrading to CiraSync Enterprise Edition. In addition, the dedicated service account comes with these benefits:
- The password expires periodically when using personal Office 365 credentials: the dedicated service account password can be set to never expire.
- A dedicated service account allows users to freely give and restrict access to specific accounts in the Office 365 tenant.
- The dedicated service account can be disabled without affecting other accounts and functions of CiraSync.
- Access to this account can be given to other users without revealing the account’s password.
Before You Start
- The dedicated service account must be set to the Global Administrator and App Impersonation role when you first sign in to CiraSync Enterprise Edition, but after this, the account can be downgraded to a Service Administrator.
- CiraSync will not work if the account is set with multiple factor authentication.
- The service account does not work with single-sign-on.
Creating the Dedicated Service Account
- Launch the Office 365 Admin Portal.
- Click on Users > Active users on the left navigation panel. (See figure below.)
- Click + Add a user button.
- Provide a Display Name and a Username for the service account.
- Click Contact Information and fill in the required fields.
- Click Password to a create a password for this new account.
- Click Roles, and then select Global Administrator.
- Click Product Licenses and assign license, if required. NOTE: If you plan to sync Public Folders, you need to assign one of the following licenses: Kiosk for $2.00 per month, Microsoft F1 (or Plan 1) for $4.00 per month, or Plan 2 for $8.00, and then the service account needs to be granted Reviewer permissions in the Public Folder. Skip this step if you only plan to use the GAL sync feature.
- Click Add.
Setting Up the Dedicated Service Account with the Application Impersonation Role
Once you have created the service account, the account needs to be set to the Application Impersonation Role.
- Click Admin centers > Exchange on the left navigation panel. (See figure below.)
- Click Permissions > Admin Roles > + in the Exchange Admin Center menu.
- Name the new admin role as App Impersonation.
- Click on + next to Roles and add the Application Impersonation Role.
- Click the + next to Members to add the service account created during the Creating the Dedicated Service Account section of this article.
- Click Save. NOTE: It can take 30–40 minutes for the Application Impersonation role to apply on the service account and replicate across Office 365 services. (See figure below.)
Congratulations, you have just set up a dedicated service account for Office 365! You are now ready to launch the CiraSync Enterprise Edition setup for your Office 365 tenant and contact sync for Office 365!