Permissions for Shared Mailbox Management

For aggregation of Shared Mailboxes and users' Shared Mailbox membership, the service account must be a member of the Account Operator Group and the Recipient Management Group.

For the Create or Update operation on a Shared Mailbox and when assigning a Shared Mailbox to a user account:

  • The service account must be a member of the Account Operator Group and the Recipient Management Group.

  • To update the Send As permission of the Shared Mailbox, the service account must have the Active Directory Permissions Exchange Role. By default, every member of the Organization Management group has an Exchange Role with higher capabilities, which are not required for this operation. Hence SailPoint recommends creating a custom Exchange Admin Role Group.

To create a custom Exchange admin role group, complete the following:

  1. On the Exchange admin center page, select Permissions in the left pane.

  2. Under the admin roles tab, select the + icon to create a new Role Group.

  3. On the Role Group window, enter the Name and Description.

  4. From the list of Roles that are displayed, search for and select the Active Directory Permissions Role, and then select Save.

    This creates a Universal Security Group with the given name under the Microsoft Exchange Security Groups organizational unit. Add the service account to this group.
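The same role group can be created and checked from the Exchange Management Shell. The script below is an added example, not part of the original procedure or SailPoint's own tooling; the role group name and service account name are hypothetical placeholders. It creates the group with only the Active Directory Permissions role, adds the service account, and then confirms that the account does not also receive roles through Organization Management.

```powershell
# Added example: run in the Exchange Management Shell as an Exchange administrator.
# $RoleGroupName and $ServiceAccount are hypothetical placeholders; substitute your own.
$RoleGroupName  = 'Shared Mailbox SendAs Admins'
$ServiceAccount = 'svc-connector'
$RequiredRole   = 'Active Directory Permissions'

# Create the custom role group with only the one required role, if it is missing.
if (-not (Get-RoleGroup -Identity $RoleGroupName -ErrorAction SilentlyContinue)) {
    New-RoleGroup -Name $RoleGroupName `
                  -Description 'Send As permission updates on shared mailboxes' `
                  -Roles $RequiredRole | Out-Null
}

# Add the service account unless it already receives assignments through this group.
$viaCustomGroup = Get-ManagementRoleAssignment -RoleAssignee $ServiceAccount |
    Where-Object { $_.RoleAssigneeName -eq $RoleGroupName }
if (-not $viaCustomGroup) {
    Add-RoleGroupMember -Identity $RoleGroupName -Member $ServiceAccount
}

# Least-privilege check on the account's effective (direct and group-inherited) roles.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $ServiceAccount
$hasRequired = $assignments | Where-Object { [string]$_.Role -eq $RequiredRole }
$viaOrgMgmt  = $assignments |
    Where-Object { $_.RoleAssigneeName -eq 'Organization Management' }

if (-not $hasRequired) {
    Write-Warning "$ServiceAccount does not hold the '$RequiredRole' role."
}
if ($viaOrgMgmt) {
    Write-Warning "$ServiceAccount receives roles through Organization Management, which grants more than this operation needs."
}

# List every role and the group that grants it, for manual review.
$assignments |
    Sort-Object RoleAssigneeName, Role |
    Format-Table Role, RoleAssigneeName -AutoSize
```

Roles granted through the Recipient Management Group will also appear in the listing, since the account is required to be a member of that group.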