Creating the CIPP Service Account (GDAP Migration Required)

Setup Video for the CIPP Service Account

CIPP Service Account Setup

  1. Create a new account. We recommend to name this account something obvious such as "CIPP Integration" and give it the username "CIPP@domain.tld"

    1. This account must be a Global Administrator while setting up the integration. These permissions may be removed after the integration has been setup.

  2. Add the account to the AdminAgent group. This group is required to be able to perform a GDAP migration.

  3. This account must have Microsoft multi-factor authentication enforced for each logon, either via Conditional Access when available or via Per User MFA when Conditional Access is not available

    • You may not use any other authentication provider than Microsoft for this account. Duo or other providers will not work. For more information on this see this

Setup the SAM Wizard

Execute the steps in Executing the SAM Setup Wizard and return to this page.

Migrating to GDAP

Before you'll be able to use CIPP you will need to perform a GDAP migration for each of your tenants, for those steps follow the instructions in GDAP Invite Wizard

Last updated