Microsoft Office 365
SaaS Management integrates directly with Microsoft Office 365, so you can view all user activity within the application. The integration gives you the usage data you need to make informed decisions on inactive licenses and any renewal or purchasing options. User engagement data, such as the numbers of emails a user reads or sends in Outlook, can help you determine if their license is active or needed.
Integrating with Office 365
Before you can integrate with Office 365, you’ll first need to create a new service account in Office 365 and assign it the appropriate permissions. You’ll then use this service account to complete the integration.
Creating service accounts in Office 365
-
Create a new service account user. You can name the account
saas-mgmt-service-accountto help differentiate it from other accounts.Note
Ensure the service account’s credentials are appropriately secured.
-
Assign the account the Reports Reader role. This role permits SaaS Management to read and collect the data required for syncs. For more information on assigning admin roles, refer to Microsoft’s product documentation.
-
Assign the account the Application Admin role or provide the account with temporary elevated permissions.
Important
Avoid changing the service account’s permissions while the Office 365 integration is active in SaaS Management. Permission changes may cause the integration to fail, resulting in interruptions in your data.
Connecting Office 365 to SaaS Management
Important
Before you integrate the applications, make sure you sign out of your Office 365 individual account and service account.
- From the SaaS Management navigation menu, select Integrations.
- Select the Office 365 tile.
- Select Add Integration.
- Select the service account you created.
- Enter your password and select Sign in.
- Review the requested permissions and select the Consent on behalf of your organization checkbox.
- Select Accept to accept the requested permissions and complete the integration.
Your Office 365 usage data will start syncing immediately and should finish within 24 hours.
Requested Scopes
SaaS Management requests the following scopes:
| Type | Scope | Description | Admin Approval Required |
|---|---|---|---|
| User Permissions | User.Read.All | Read all users' full profiles | Yes |
| User Permissions | User.Read | Read the profiles of signed-in users | No |
| Group Permissions | Group.Read.All | Read all groups | Yes |
| Directory Permissions | Directory.Read.All | Read directory data | Yes |
| Reports Permissions | Reports.Read.All | Read all usage reports | Yes |
| Audit Log Permissions | AuditLog.Read.All | Read audit log data | Yes |
| OpenID Connect (OIDC) Permissions | offline_access | Access user's data any time (Generate refresh token) | No |
For more information about these scopes, refer to Microsoft's product documentation.
User Metadata
SaaS Management pulls the following user metadata from Office 365. You can filter your usage data by these fields:
| Field | Description |
|---|---|
| Department | The department the user works in. |
| Is Resource Account | Indicates whether the account is a resource account. |
| License Names | The list of normalized licenses associated with the user. |
| License Values | The list of licenses associated with the user. |
| User Type | Classifies user types in your directory. |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://platform.sailpoint.com/discuss/tos.