Auto-assigning the Admin Agents Security Group
Once the GDAP relationship is accepted by a customer, it is necessary to add security groups to the admin relationship, including all the accepted roles.
Providers who have configured custom GDAP roles in the multi-account extension can automatically assign the Admin-Agents security group to the relationship once it is accepted by their customers, including all the corresponding roles.
To do this, complete the following steps:
- Go to the Integrations module in the CloudBlue Connect Distributor portal.
- If the Microsoft Management Settings extension is not installed yet, click on the Microsoft Management Settings service and then click Open Settings > GDAP.
  Note: You can also find it in your account settings (Settings > Microsoft Management Settings).
- Click the Custom GDAP roles tab.
- Select the Auto-assignment Enabled checkbox to assign the Admin-Agents security group to admin relationships once they are accepted by the customers. This option is turned off by default.
A scheduled task subscribes Microsoft partners to a webhook event so that they receive a notification when a customer approves a GDAP relationship. Then, if the Auto-assign Security Group option is turned on, the service assigns the Admin-Agents security group to the GDAP relationship.
Important:
- If you are already registered to receive another webhook event from the Partner Center, the Security group Auto-assignment will not work, since Microsoft only allows subscriptions to one webhook event. For additional information, refer to the Microsoft documentation on Partner Center webhooks.
- If Azure or Azure RI connectors are in use for one or multiple marketplaces, it is strongly recommended that custom GDAP roles are auto-assigned to the Admin Agents Security Group to ensure that the Azure connector can perform important operations requiring customer impersonation.