The Work 365 Partner Center (GCC) Integration enables Partner Center GCC data, such as subscriptions, agreements, and provider invoices, to have a bi-directional sync with Work 365.
- Work 365 Partner Center integration is applicable to Direct CSP Partner having a GCC Partner tenant.
- This integration user in Partner Center GCC must have “Admin Agent” permissions assigned in Partner Center.
- This integration user in Partner Center GCC must have MFA enabled MFA Setup for Partner Center Integration Account
There are three main steps in setting up the integration with Partner Center GCC and Work 365
Step 1: Create the Azure AD application for Partner Center integration
Step 2: Create the Integration user with the right permissions
Step 3: Collect the Integration information for the settings required in Work 365
Step 4: Creating the Provider Connection and entering the settings acquired in Step 3
Step 5: Complete the Consent using the integration account created in Step 2
- Login to the GCC Microsoft Azure Active Directory tenant.
- Click on
- Create a new app registration by clicking the
+ New Registrationbutton
- Fill in the details as follows
|Name||Work 365 Partner Center GCC Integration|
|Supported account types||Accounts in this organizational directory only (Work 365 AAD (Development) only - Single tenant)|
|Redirect URI||Platform: Web|
- Click the
- The application registration page should now open.
- From the left menu, click on
Authenticationand ensure that the
ID tokens (used for implicit and hybrid flows)is selected.
- Click on
Certificates & secretsand create a new secret. Copy this secret since it will be required later. When choosing a time, select 24 months.
Note that this secret will need to be recycled every 24 months.
- Click on
API Permissionsand ensure that the
Configured permissionstable looks as shown
|API / Permissions name||Type||Description||Admin consent required|
|User.Read||Delegated||Sign in and read user profile||No|
|Microsoft Partner Center|
|user_impersonation||Delegated||Access Partner Center||No|
- Click on
Overviewand copy the
Application (client) ID. This value and the secret (step 8) will be required when configuring the connector.
The following steps describe the process of creating the Integration account.
- Login to Microsoft Partner Center using the GCC Global Administrator credentials
- Create New User
- In the Manages your organization's account as section, select
- In the Assists your customers as section, select
At this point, a summary screen with a temporary password would be displayed. Use the credentials to verify access and confirm you can login using the credentials with MFA enabled.
MFA required for integration user
MFA must be enabled on the Integration user. The MFA cannot be conditional and must be configured to trigger on every login
Some helpful links
From within Partner Center, collection the following additional information
- Microsoft ID (aka Tenant ID) (from the
- Reseller request URLs (from
request a reseller relationshiplink on the Customers list)
- Note the day of the billing start of the 'D' invoice billing cycle. (from the Billing section)
- Go to Work 365, “Administration” in the bottom-left menu. Next click on “Admin Hub” in the left menu.
- Under “Configuration” at the top of the screen, click on the “Integrations” tab.
- Click and open the existing “Microsoft Partner Center” provider by clicking on the gear icon on the right.
- After opening the provider complete the details on the form as given below:
|Name||Can identify Partner Center name by location (ie. Microsoft US Partner Center)|
|Application ID||Value copied from Azure AD application created above.|
|Application Secret||Value copied from Azure AD application created above.|
|Country Code||Country where partner center is registered|
|Currency Code||The Partner Center Currency|
|Billing Start Date||This setting is only used if you are billing Azure through Legacy (D Invoices)|
|Reseller Relationship URL||URL you copied from Step 3|
|Delegated Admin Authorize URL||URL for your customers to accept your delegated Admin Step 3|
Settings in Bold are required and Items in Italics are Recommended
- Save the record to continue the configuration process.
Note: MFA for the Partner Center Integration account MUST be enabled.
- Reopen the connector record that was just created.
- The “Generate Consent Link” button should now appear – click this link to open a popup window with the consent instructions.
- Click the link icon to copy the consent link to the clipboard. Paste the link into a new private browser window (use Incognito/InPrivate browsing mode) and follow the instructions from the previous window for consent.
InPrivate / Incognito window required
It is essential to complete this step in Private browsing window or a new browser, so you don't confuse the System with the integration account and your own Azure AD identity
- Click the Start Consent Process button. Login with the Partner Center Integration Account when prompted and confirm the MFA.
- Go back to the Integration tab in the Admin Hub. Hit the gear icon on the Microsoft provider and click on the “Verify Connectivity” button. If the settings are correct, you should receive a successful confirmation; if the connectivity fails, redo the consent with the Integration user and try again.
Your Partner Center GCC Integration is complete in Work 365
Updated 8 months ago