Microsoft Partner Center (GCC)
Configuring Microsoft Partner Center GCC integration with Work 365.
The Work 365 Partner Center (GCC) Integration enables Partner Center GCC data, such as subscriptions, agreements, and provider invoices, to have a bi-directional sync with Work 365.
Prerequisites
- Work 365 Partner Center integration is applicable to Direct CSP Partner having a GCC Partner tenant.
- This integration user in Partner Center GCC must have “Admin Agent” permissions assigned in Partner Center.
- This integration user in Partner Center GCC must have MFA enabled MFA Setup for Partner Center Integration Account
There are three main steps in setting up the integration with Partner Center GCC and Work 365
Step 1: Create the Azure AD application for Partner Center integration
Step 2: Create the Integration user with the right permissions
Step 3: Collect the Integration information for the settings required in Work 365
Step 4: Creating the Provider Connection and entering the settings acquired in Step 3
Step 5: Complete the Consent using the integration account created in Step 2
Step 1: Create the Azure AD application for Partner Center integration
- Login to the GCC Microsoft Azure Active Directory tenant.
- Click on
App Registrations - Create a new app registration by clicking the
+ New Registrationbutton - Fill in the details as follows
| Field | Value |
|---|---|
| Name | Work 365 Partner Center GCC Integration |
| Supported account types | Accounts in this organizational directory only (Work 365 AAD (Development) only - Single tenant) |
| Redirect URIs | Platform: Web |
| https://appext.work365apps.com/consent/microsoftpartnercenter/success https://service-us01.work365apps.com/consent/microsoftpartnercenter/success https://service-us01.work365apps.com/consent/partnercenter/admin/success https://service-us01.work365apps.com/consent/partnercenter/user/success https://service-eu01.work365apps.com/consent/microsoftpartnercenter/success https://service-eu01.work365apps.com/consent/partnercenter/admin/success https://service-eu01.work365apps.com/consent/partnercenter/user/success |
- Click the
Registerbutton - The application registration page should now open.
- From the left menu, click on
Authenticationand ensure that theID tokens (used for implicit and hybrid flows)is selected. - Click on
Certificates & secretsand create a new secret. Copy this secret since it will be required later. When choosing a time, select 24 months.
Note that this secret will need to be recycled every 24 months.
- Click on
API Permissionsand ensure that theConfigured permissionstable looks as shown
| API / Permissions name | Type | Description | Admin consent |
|---|---|---|---|
| Azure Service Management | |||
| user_impersonation | Delegated | Access Azure Resource Manager as organization users | No |
| Microsoft Graph | |||
| DelegatedAdminRelationship.ReadWrite.All | Application | Manage Delegated Admin relationships with customers | Yes |
| Directory.Read.All | Application | Read directory data | Yes |
| PartnerBilling.Read.All | Application | Read all billing data for your company's tenant | Yes |
| User.Read.All | Application | Read all users' full profiles | Yes |
| Microsoft Partner | |||
| user_impersonation | Delegated | ||
| Microsoft Partner Center | |||
| user_impersonation | Delegated |
- Click on
Overviewand copy theApplication (client) ID. This value and the secret (step 8) will be required when configuring the connector.
Step 2: Creating the Integration Account
The following steps describe the process of creating the Integration account.
- Login to Microsoft Partner Center using the GCC Global Administrator credentials
- Create New User
- In the Assists your customers as section, select
Admin Agent
At this point, a summary screen with a temporary password would be displayed. Use the credentials to verify access and confirm you can login using the credentials with MFA enabled.
MFA required for integration user
MFA must be enabled on the Integration user. The MFA cannot be conditional and must be configured to trigger on every login
Some helpful links
Step 3: Collecting Additional Partner Center Information for the Work 365 integration
From within Partner Center, collection the following additional information
- Microsoft ID (aka Tenant ID) (from the
Account settingssection) - Reseller request URLs (from
request a reseller relationshiplink on the Customers list)
Step 4: Creating the Microsoft Partner Center Provider in Work 365
- Go to Work 365, “Administration” in the bottom-left menu. Next click on “Admin Hub” in the left menu.
- Under “Configuration” at the top of the screen, click on the “Integrations” tab.
- Click and open the existing “Microsoft Partner Center” provider by clicking on the gear icon on the right.
- After opening the provider complete the details on the form as given below:
| Field | Setting Value |
|---|---|
| Name | Can identify Partner Center name by location (ie. Microsoft US Partner Center) |
| Authority | https://login.microsoftonline.us |
| Application ID | Value copied from Azure AD application created above. |
| Application Secret | Value copied from Azure AD application created above. |
Settings in Bold are required and Items in Italics are Recommended
- Save the record to continue the configuration process.
Step 5: Configuring the Partner Center using the Consent Framework
Note: MFA for the Partner Center Integration account MUST be enabled.
- Reopen the connector record that was just created.
- Fill in the following fields...
| Field | Setting Value |
|---|---|
| Partner Center Tenant Id | Value from Step #3 |
| Reseller Relationship Authorize URL | Value from Step #3 |
| Delegated Admin Authorize URL | leave blank |
| Usage Mismatch Tolerance | 1 |
| Azure Discounts | see Azure Specializations |
- Save the connector & then reopen the connector once again.
- The “Generate Consent Link” button should now appear – click this link to open a popup window with the consent instructions.
- Click the link icon to copy the consent link to the clipboard. Paste the link into a new private browser window (use Incognito/InPrivate browsing mode) and follow the instructions from the previous window for consent.
InPrivate / Incognito window required
It is essential to complete this step in Private browsing window or a new browser, so you don't confuse the System with the integration account and your own Azure AD identity
- Click the Start Consent Process button. Login with the Partner Center Integration Account when prompted and confirm the MFA.
- Go back to the Integration tab in the Admin Hub. Hit the gear icon on the Microsoft provider and click on the “Verify Connectivity” button. If the settings are correct, you should receive a successful confirmation; if the connectivity fails, redo the consent with the Integration user and try again.
Your Partner Center GCC Integration is complete in Work 365
Updated 2 months ago