Managing the Refresh Token for Multi-Factor Authentication

Important: This documentation is for the APS-based Azure integration solution. If you are using a Connect-based Azure integration solution, please refer to the Connect documentation.

This section describes how you can grant consent to the permissions that the Azure CSP application requires, and, as a result, acquire a refresh token for the application instance that belongs to your CSP partner account. This refresh token will be used by the Azure CSP application to make calls to the Partner Center and Graph and ARM APIs on behalf of your CSP partner account.

There are two procedures to grant consent and acquire a refresh token: automatic and manual. You should use the automatic procedure if you have administrative access to your CloudBlue Commerce system and your CSP partner account. You should use the manual procedure if you have administrative access to your CloudBlue Commerce system but do not have administrative access to your CSP partner account.

Note: A refresh token has a limited lifetime of 90 days. It is automatically retrieved and updated every 10 days.

Automatic Procedure

To give your consent and acquire a refresh token for the application instance that your CSP partner account belongs to, follow these steps:

1. In the CloudBlue Commerce Reseller Panel available to your CSP Partner account, carry out the following steps:

   1. Go to Services > Azure Partner (NCE) > Manage Refresh Token.
   2. In the Automatic Update group, click Update Refresh Token. The login page of the Microsoft Partner Center will open in a new browser window.

2. In the new browser window, carry out the following steps:

   1. Sign in using the credentials of a user that has the Global admin and Admin agent roles.

      Note: Multi-Factor Authentication (MFA) must be enabled for the user, as described at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates.

   2. Click Accept to give your consent to the permissions that the Azure CSP application requires. You will be redirected from the Microsoft Partner Center to a special site.
   3. On the Partner Onboarding Web Application page of the site, make sure that the acquisition of the refresh token is being performed successfully: there must be a message similar to The consent has been granted successfully. The authorization code has been sent ... After that, close the new browser window.

3. In the CloudBlue Commerce Reseller Panel, make sure that a message similar to Your refresh token has been successfully updated is shown.

Manual Procedure

To obtain consent and acquire a refresh token for the application instance that your CSP partner account belongs to, follow these steps:

1. In the CloudBlue Commerce Reseller Panel, perform the following:

   1. Go to Services > Azure Partner (NCE) > Manage Refresh Token.
   2. In the Manual Update group, click Copy to copy the URL shown on the screen.
   3. Send the URL to a person who has administrative access to your CSP partner account.

2. The person whom you sent the URL in the previous step must perform the following:

   1. Navigate to the URL. The login page of the Microsoft Partner Center will open.

   2. Sign in using the credentials of a user that has the Global admin and Admin agent roles.

      Note: Multi-Factor Authentication (MFA) must be enabled for the user, as described at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates.

   3. In the Microsoft Partner Center, click Accept to give a consent to the permissions that the Azure CSP application requires. You will be redirected from the Microsoft Partner Center to a special site.
   4. On the Partner Onboarding Web Application page of the site, copy and write down the authentication code. After that, close the browser window.
   5. Send the authentication code to the person who provided the URL.

3. In the CloudBlue Commerce Reseller Panel, perform the following:

   1. Go to Services > Azure Partner (NCE) > Manage Refresh Token.
   2. In the Manual Update group, specify the authentication code that you received and click Update.
   3. Make sure that a message similar to Your refresh token has been successfully updated is shown.