centrexIT
Knowledge Center

CentrexIT Jumpcloud - M365 Integration

KB00059620
Damon Marjanovich Work Instruction 1 min
Published, Damon Marjanovich, v1.5
Published Jul 22, 2025; expires Jan 9, 2027

How to Guide on 3rd Party Integration


Project Team, Support Center




Upon completion of configuration, testing and sync should function between the two sides.


Audit logs can be viewed from the JumpCloud Admin Portal or the Microsoft 365 Admin Portal.


Microsoft 365 Directory Integration Overview

JumpCloud offers direct integration with Microsoft® 365™ (M365) so you can manage M365 users from the JumpCloud Admin Portal. Their passwords are synced with their JumpCloud password the first time they log in to their JumpCloud User Portal after they’re associated with M365.

Integrating M365 with JumpCloud Benefits

This integration with JumpCloud allows for:

• Secure, persistent connectivity between JumpCloud and M365
• Importing pre-existing M365 accounts into JumpCloud
• Exporting (provisioning) new accounts into M365 from JumpCloud
• Continual synchronization from JumpCloud to M365 accounts
• End user self-service account management from the JumpCloud User Portal
• Security Assertion Markup Language (SAML) Single Sign-on (SSO): users can log in to JumpCloud and M365 with the same set of credentials

Considerations

Warning:

• Don’t authorize/create multiple instances of a cloud directory integration to the same M365 domain. If you do, users bound to multiple M365/Entra ID instances could be suspended in your M365/Entra ID directory if you unbind that user from one of the instances. You can avoid this by deactivating sync for multiple M365/Entra ID directory instances for the same domain.
• Be aware that after you deactivate sync for a M365/Entra ID instance and domain, all information specific to that M365/Entra ID directory integration in the JumpCloud Admin Portal will be permanently deleted and cannot be recovered by simply reactivating sync.
• App passwords may be necessary to authenticate legacy endpoints where multifactor authentication (MFA) is configured in M365
• JumpCloud user accounts are synced with their M365 user account based on the primary email address used in M365
• If multiple M365 tenants are configured for JumpCloud’s Directory Sync and a JumpCloud user is bound to more than one M365 tenant, only the M365 tenant with the JumpCloud user’s matching M365 primary email address will be synced
• At this time, JumpCloud doesn’t support integration with GoDaddy’s implementation of M365. This version has limited identity management capabilities that require SSO login with GoDaddy’s services to operate appropriately. Because of these requirements, we are prohibited from making changes to identities with the GoDaddy integration
• Don’t import users that you don’t intend to manage with JumpCloud. You have 48 hours to remove unwanted users and to contact your Technical Account Manager to avoid being charged for any users you remove after import
• If the password takeover functionality has been disabled for your JumpCloud organization, then the password only syncs when the user or admin changes it. In addition, active users with passwords will receive password reset emails from each Cloud Directory to which the user is associated
• M365/Entra ID group management is only supported for security groups at this time

12232 Thatcher Ct Poway, CA 92064 619.651.8700 centrexIT.com

Prerequisites

• An active M365 domain
• A user with the following administrator roles in M365:
  o Privileged role administrator
  o Groups administrator
  o Users administrator
• We also recommend that you have a Global administrator service account

M365 Integration Scenarios

You can integrate M365 with JumpCloud in the following two ways:

  1. Taking over existing M365 accounts
  2. Provisioning new M365 accounts

Taking Over Existing M365 Accounts

When you import existing M365 accounts and bind them to the M365 directory you’ve enabled for sync, JumpCloud “takes over” the accounts and becomes the manager and password authority for those accounts.

Provisioning New M365 Accounts

Account provisioning involves creating and maintaining user accounts and their attributes. New M365 accounts can be provisioned in M365 or in JumpCloud.

M365-Initiated Provisioning

When an account is created in M365, a temporary password can be sent to an alternate email address, which lets users gain access to their account. When you create a user account in M365, users are provisioned in the following way:
  1. Import the user into JumpCloud.
  2. Bind the user to the M365 directory.
  3. The user resets their password in the JumpCloud User Portal.
  4. Account synchronization is complete.

JumpCloud-Initiated Provisioning

When you create new users in JumpCloud that don’t exist in Microsoft, JumpCloud creates user accounts (provisions) with the JumpCloud user’s credentials and attributes. For the new account to be provisioned to M365, the account must have an email address of the primary M365 domain that is synced with JumpCloud. This is useful if your organization intends to use JumpCloud to manage your M365 deployment.

When creating an account in JumpCloud, an activation email can be sent to an alternate email address. Alternatively, admins can set a temporary password during creation.

To send an activation email to an alternate email address:
  1. Add the new user to JumpCloud.
     a. Bind the user to the M365 directory.
     b. Leave Specify initial password unchecked.
     c. After saving the user, you will be prompted to send the activation email.
  2. The user will click the link in the activation email that was sent to the address you provided in step 1b and set their password.
  3. The user logs in to the JumpCloud User Portal with the password they set in step 2.
  4. Account synchronization is complete.

To set a temporary password for the user during creation:
  1. Log in to the JumpCloud Admin Portal.
  2. Go to User Management > Users.
  3. Click ( + ), then select Manual user entry.
  4. Specify details for the user, making sure to set the following attributes as follows:
     a. The Company Email address you specify for the user is on the domain of the M365 directory you want to provision the user to.
     b. For Password Settings, select Specify initial password, and then specify the user’s initial password.
  5. Select the Directories tab, then select the M365 directory that matches the Company Email address you specified for the user.
  6. Click save user.

The user’s account, including the initial password you set, is provisioned to M365. It may take up to 60 seconds for the user account to be created in Microsoft.

Note: When you go to your M365 administrator dashboard, you’ll see the new user in the user’s list. You can now manage licensing and permissions for the user from Microsoft. Keep in mind that it may take up to a minute for M365 to create the account.
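
The following pre-flight check is an added example, not part of the original article and not JumpCloud or Microsoft tooling. It applies the rules from Considerations and JumpCloud-Initiated Provisioning (matching on primary email, the email domain requirement, multi-tenant bindings, unmanaged imports) to exported user lists before sync is enabled. The data layout, field names, tenant names and case-insensitive comparison are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample data (hypothetical exports; field names are assumptions).
TENANTS = {
    "corp": {"domain": "example.com",
             "emails": {"alice@example.com", "svc-scan@example.com"}},
    "lab": {"domain": "lab.example.net", "emails": set()},
}
JC_USERS = [
    {"username": "alice", "email": "Alice@Example.com", "bound": ["corp"]},
    {"username": "bob", "email": "bob@example.com", "bound": ["corp", "lab"]},
    {"username": "carol", "email": "carol@gmail.example", "bound": ["corp"]},
]

def norm(email):
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower()

def preflight(jc_users, tenants):
    """Classify each (user, directory) binding before sync is enabled."""
    report = defaultdict(list)
    for u in jc_users:
        email = norm(u["email"])
        dom = email.rsplit("@", 1)[-1]
        matching = [t for t in u["bound"] if tenants[t]["domain"] == dom]
        if len(u["bound"]) > 1:
            # Only the tenant matching the primary email is synced.
            report["multi_tenant"].append((u["username"], matching))
        for t in u["bound"]:
            if t not in matching:
                # Email is not on the directory's domain: will not provision.
                report["domain_mismatch"].append((u["username"], t))
            elif email in tenants[t]["emails"]:
                # Account already exists in M365: JumpCloud takes it over.
                report["takeover"].append((u["username"], t))
            else:
                report["provision_new"].append((u["username"], t))
    for name, t in tenants.items():
        managed = {norm(u["email"]) for u in jc_users if name in u["bound"]}
        # Existing M365 accounts with no bound JumpCloud user:
        # import only those JumpCloud is meant to manage.
        for e in sorted(t["emails"] - managed):
            report["unmanaged_m365"].append((e, name))
    return dict(report)

if __name__ == "__main__":
    for category, rows in preflight(JC_USERS, TENANTS).items():
        print(category, rows)
```

Review the `multi_tenant` and `domain_mismatch` rows before binding or unbinding anyone, since those are the cases the Considerations section warns about.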
