Executing the SAM Setup Wizard

Do not attempt to log in to CIPP with the CIPP Service Account you created. Make sure you've gone through the steps of inviting yourself into your CIPP instance either via Azure (self-hosted) or through the Management Portal (hosted).

Walkthrough Video for Running the SAM Setup Wizard

Video removed temporarily as it referenced the v6 UI and process.


This guide walks you through the process from the video of executing the SAM Wizard inside CIPP for the first time, and has 3 options based on what you're looking to accomplish. In this example, we use the first-time setup option, but more details on additional options can be found in the sections below.

SAM Wizard Option
When to use

Create application for me and connect to my tenants

This will guide you through all the necessary steps for connecting to your tenants for the first time. Click the Next Step button to start the process.

Refresh Tokens for existing application

Select this option if you have used the incorrect account to setup the SAM wizard, need to renew tokens due to an expired password, or when you are instructed to do so by the Helpdesk.

Manually enter credentials

This option is for advanced users and those following the migration manual in Migrating to a hosted instance of CIPP.

Walkthrough Steps for Running the SAM Setup Wizard


  1. Once you've logged into your CIPP instance, navigate to Settings -> SAM Setup Wizard

  2. For the purposes of this walkthrough, we'll act as if this is your first time running through this process, and you'd like to follow CIPP's recommended settings by clicking Create application for me and connect to my tenants.

  3. Click on the Next Step button.

  4. Copy the code from the returned step to your clipboard.

  5. Then click on the Login to Microsoft button.

  6. Enter the code we've copied in the previous step & click Next.

  1. Select the option "Use another account".

  1. This is where we will enter the credentials you've created for the CIPP service account. If you have not yet done that, follow the steps on the Creating the CIPP Service Account page. Remember that this account MUST use multifactor authentication.

  1. Click on the "Continue" button. You may close this window when prompted.

  1. Back in CIPP, click on the Open Approval Linl button that now appears when you see we've arrived at step number 2.

  2. Login with the CIPP Service Account again.

  1. Click on the Accept button. This will forward you to the page that reports the authentication status. You may close this page when instructed.

  1. Back in CIPP, you should see it says "Setup Completed".

  2. You should now navigate to Application Settings > Permissions.

  3. From there, you'll want to review the Permissions Check section. This check should show a successful result when all steps have been performed. If you need to run an updated check, click the Refresh button. If there are any errors, you can click the Details button and further information on the errors will be displayed, including the ability to repair any missing permissions.

Next Steps

Your next step will depend on if you have existing GDAP relationships to add or if you need to do a fresh GDAP onboarding.

  1. If you have existing GDAP relationships move on to Adding Tenants & Consenting the CIPP-SAM Application.

  2. If you need to do a fresh GDAP onboarding move on to Tenant Onboarding.

Last updated

Was this helpful?