Single Sign-On Service › SSO Getting Started Guide › How to Connect a CA CloudMinder Tenant to an Office 365 Tenant › Overview › The CSP Admin Tasks to Connect a CA CloudMinder Tenant to an Office 365 Tenant › CSP Tasks to Configure User Provisioning

CSP Tasks to Configure User Provisioning

Note: These procedures need to be performed by the CSP Administrator.

This section requires the following information:

• [attributeImmutableId]
• [attributeUPN]
• [tenantAdmin]
• [tenantId]

Import Role Definitions

As a CSP Administrator, use the following procedure to import the role definitions.

Follow these steps:

1. Log in to the CA CloudMinder Management Console.
2. Navigate to Environments, [tenantId], Role and Task Settings, Import.
3. Select Office 365.
4. Click Finish.
5. When notified, restart the environment.

Configure Attribute Mappings

As a CSP Administrator, use the following procedure to configure attribute mappings.

Follow these steps:

1. Log in to the CA CloudMinder Management Console.
2. Navigate to Environments, [tenantId], Advanced Settings, Provisioning, Attribute Mappings
3. Add Attribute Mapping:
   • User Attribute: %IMMUTABLEID%
   • Provisioning Attribute: [attributeImmutableId]
4. Add Attribute Mapping:
   • User Attribute: %UPN%
   • Provisioning Attribute: [attributeUPN]
5. When notified, restart the environment.

Enable Admin Roles for Provisioning

As CSP Administrator, you must enable the Admin Roles in the environment.

Follow these steps:

1. Log in to the CA CloudMinder Console.
2. Navigate to Roles and Tasks, Admin Roles, Enable/Disable Admin Role.
3. Enable the following roles:
   • CSP Provisioning Manager
   • Endpoint Manager
   • MSP Provisioning Manager
   • Provisioning Role Manager
   • Tenant Provisioning Manager
4. Select and Modify the changes.

Assign Provisioning Manager Role

Assign Tenant Administrators the "Provisioning Manager for Office 365" role.

Follow these steps:

1. Log in to the CA CloudMinder Console as CSP Adminsitrator.
2. Navigate to Roles and Tasks, Admin Roles, Modify Admin Role Members.
3. Select Provisioning Manager for Office 365.
4. Add a user: Add a Tenant Administrator.
5. Submit the modification.

Enable Policy Express Policies

You must create user attributes for provisioning and SSO to Office 365.

Follow these steps:

1. Log in to the CA CloudMinder Console as CSP Administrator.
2. Navigate to Policies, Policy Xpress, Enable/Disable Policy Xpress Policy.
3. Enable policies:
   • Get O365 Account Template
   • Get O365 Endpoint
   • Create Provisioning User
   • Set ImmutableID
   • Set UPN
4. Select and Modify the policies.

Modify Policy Express Policy for ImmutableID

The policy must be created to accommodate cloud users and synchronized users. The policy should be triggered when the user is assigned the Office 365 Provisioning Role.

Follow these steps:

1. Log in to the CA CloudMinder Console as CSP Administrator.
2. Navigate to Policies, Policy Xpress, Modify Policy Xpress Policy.
3. Select the policy: Set ImmutableID
4. In Events, Add Event, configure the following:
   • Event State: After
   • Event Name: AssignUserToProvisioningRoleEvent
5. Submit the modification.

Export Signing Certificate

When complete, this procedure will provide you with the following:

• [certificate], intended for the Tenant Administrator
• [certificateAlias]

Follow these steps:

1. Log in to the CSP Console as a CSP Administrator.
2. Navigate to Infrastructure, X509 Certificate Management, Trusted Certificates and Private Keys.
3. Choose a certificate to sign federation assertions and record the [certificateAlias]. It must be of the type: Private Key and Certificate.
4. If the required certificate type does not exist, request or create a certificate and import it.
5. Select the Action: Export
6. Make sure of the Format: X509-PEM.
7. Click Export.
8. Give the exported certificate [certificate] to the Tenant Administrator.