Microsoft Partner Center (GCC)

Configuring Microsoft Partner Center GCC integration with Work 365.

The Work 365 Partner Center (GCC) Integration enables Partner Center GCC data, such as subscriptions, agreements, and provider invoices, to have a bi-directional sync with Work 365.

Prerequisites

  • Work 365 Partner Center integration is applicable to Direct CSP Partner having a GCC Partner tenant.
  • This integration user in Partner Center GCC must have “Admin Agent” permissions assigned in Partner Center.
  • This integration user in Partner Center GCC must have MFA enabled MFA Setup for Partner Center Integration Account

There are three main steps in setting up the integration with Partner Center GCC and Work 365

Step 1: Create the Azure AD application for Partner Center integration

Step 2: Create the Integration user with the right permissions

Step 3: Collect the Integration information for the settings required in Work 365

Step 4: Creating the Provider Connection and entering the settings acquired in Step 3

Step 5: Complete the Consent using the integration account created in Step 2

Step 1: Create the Azure AD application for Partner Center integration

  1. Login to the GCC Microsoft Azure Active Directory tenant.
  2. Click on App Registrations
  3. Create a new app registration by clicking the + New Registration button
  4. Fill in the details as follows
FieldValue
NameWork 365 Partner Center GCC Integration
Supported account typesAccounts in this organizational directory only (Work 365 AAD (Development) only - Single tenant)
Redirect URIPlatform: Web
https://appext.work365apps.com/consent/microsoftpartnercenter/success
  1. Click the Register button
  2. The application registration page should now open.
  3. From the left menu, click on Authentication and ensure that the ID tokens (used for implicit and hybrid flows) is selected.
  4. Click on Certificates & secrets and create a new secret. Copy this secret since it will be required later. When choosing a time, select 24 months.

Note that this secret will need to be recycled every 24 months.

  1. Click on API Permissions and ensure that the Configured permissions table looks as shown
API / Permissions nameTypeDescriptionAdmin consent required
Microsoft Graph
   User.ReadDelegatedSign in and read user profileNo
Microsoft Partner Center
   user_impersonationDelegatedAccess Partner CenterNo
  1. Click on Overview and copy the Application (client) ID. This value and the secret (step 8) will be required when configuring the connector.

Step 2: Creating the Integration Account

The following steps describe the process of creating the Integration account.

  1. Login to Microsoft Partner Center using the GCC Global Administrator credentials
  2. Create New User
  3. In the Manages your organization's account as section, select Billing admin
  4. In the Assists your customers as section, select Sales agent

At this point, a summary screen with a temporary password would be displayed. Use the credentials to verify access and confirm you can login using the credentials with MFA enabled.

🚧

MFA required for integration user

MFA must be enabled on the Integration user. The MFA cannot be conditional and must be configured to trigger on every login

Some helpful links

Step 3: Collecting Additional Partner Center Information for the Work 365 integration

From within Partner Center, collection the following additional information

  1. Microsoft ID (aka Tenant ID) (from the Account settings section)
  2. Reseller request URLs (from request a reseller relationship link on the Customers list)
  3. Note the day of the billing start of the 'D' invoice billing cycle. (from the Billing section)

Step 4: Creating the Microsoft Partner Center Provider in Work 365

  1. Go to Work 365, “Administration” in the bottom-left menu. Next click on “Admin Hub” in the left menu.
  2. Under “Configuration” at the top of the screen, click on the “Integrations” tab.
  3. Click and open the existing “Microsoft Partner Center” provider by clicking on the gear icon on the right.
  4. After opening the provider complete the details on the form as given below:
FieldSetting Value
NameCan identify Partner Center name by location (ie. Microsoft US Partner Center)
Authorityhttps://login.microsoftonline.us
Application IDValue copied from Azure AD application created above.
Application SecretValue copied from Azure AD application created above.
Country CodeCountry where partner center is registered
Currency CodeThe Partner Center Currency
Billing Start DateThis setting is only used if you are billing Azure through Legacy (D Invoices)
Reseller Relationship URLURL you copied from Step 3
Delegated Admin Authorize URLURL for your customers to accept your delegated Admin Step 3

Settings in Bold are required and Items in Italics are Recommended

  1. Save the record to continue the configuration process.

Step 5: Configuring the Partner Center using the Consent Framework

Note: MFA for the Partner Center Integration account MUST be enabled.

  1. Reopen the connector record that was just created.
  2. The “Generate Consent Link” button should now appear – click this link to open a popup window with the consent instructions.
  3. Click the link icon to copy the consent link to the clipboard. Paste the link into a new private browser window (use Incognito/InPrivate browsing mode) and follow the instructions from the previous window for consent.

🚧

InPrivate / Incognito window required

It is essential to complete this step in Private browsing window or a new browser, so you don't confuse the System with the integration account and your own Azure AD identity

  1. Click the Start Consent Process button. Login with the Partner Center Integration Account when prompted and confirm the MFA.
  2. Go back to the Integration tab in the Admin Hub. Hit the gear icon on the Microsoft provider and click on the “Verify Connectivity” button. If the settings are correct, you should receive a successful confirmation; if the connectivity fails, redo the consent with the Integration user and try again.

👍

Your Partner Center GCC Integration is complete in Work 365