Purpose
This guide shows how you can create a user account in Practice Protect when Microsoft 365 provisioning is enabled. After adding the user in Practice Protect, a sync will occur and create the user’s account in Microsoft 365 as well. Take note that by default, Practice Protect does not provision licensing, this will need to be assigned from the Microsoft 365 portal.
Below are the list of function/attribute mapped in Practice Protect. The rest are controlled in Microsoft 365.
- Microsoft 365 Account Creation
- Display Name
- Primary Email/Username
- Immutable ID
Prerequisites
- Microsoft 365 Federation or Email Integration is enabled
- User account with system administrator access in Practice Protect
Instructions
- Create a CyberArk Cloud user account through Practice Protect. Please refer to this link in order to create a user.
- Once the user is created, go to Core Services, click Roles.
- Find and click the role used for email integration. Typically the role name is set as Microsoft 365 email integration
Select Members and click Add. Add the newly created user. This is to apply the integration and syncs the user to Microsoft 365
- Click Save.
- Return to Core Services > Users. Tick the box next to the selected user.
- Click on Actions and then select Sync All Apps.
- Hit yes to confirm
- Check the sync status by going to the Settings > Users > Outbound Provisioning > Click View Synchronization Job Status and Reports.
- Once the synchronization is completed and successful, check if the user account has appeared in Microsoft 365 Admin Center.
- This completes the process of adding a federated user account. Take note that licensing will need to be assigned from the Microsoft portal.