Executing the SAM Setup Wizard

Do not attempt to log in to CIPP with the CIPP Service Account you created. Make sure you've gone through the steps of inviting yourself into your CIPP instance either via Azure (self-hosted) or through the Management Portal (hosted).

Walkthrough Video for Running the SAM Setup Wizard


When using the SAM Wizard to create your CIPP-SAM application, it's important to remember the following:

  • You're using a chromium based browser. It MUST allow cookies and have any ad-blocker disabled for the duration of the wizard. Do not use in-private mode.

  • When you're asked to authenticate during the SAM Setup Wizard, remember to use to the CIPP service account credentials. If you do not have a service account prepared you can do so now by going to the Creating the CIPP Service Account page and following the instructions there.

  • The SAM Wizard only needs to be run once to connect to your tenant, including all partner tenants, but there may be situations where you need to reinitialize the process.

This guide walks you through the process from the video of executing the SAM Wizard inside CIPP for the first time, and has 3 options based on what you're looking to accomplish. In this example, we use the first-time setup option, but more details on additional options can be found in the sections below.

SAM Wizard Option
When to use

I would like CIPP to create an application for me.

This will guide you through all the necessary steps for connecting to your tenants for the first time. Click the Start Setup Wizard button to start the process.

I would like to refresh my token or replace the user for previous token.

Select this option if you have used the incorrect account to setup the SAM wizard, need to renew tokens due to an expired password, or when you are instructed to do so by the Helpdesk.

I have an existing application and would like to manually enter or update my token.

This option is for advanced users and those following the migration manual in Migrating to a hosted instance of CIPP.

Walkthrough Steps for Running the SAM Setup Wizard


  1. Once you've logged into your CIPP instance, navigate to Settings -> SAM Setup Wizard

  1. For the purposes of this walkthrough, we'll act as if this is your first time running through this process, and you'd like to follow CIPP's recommended settings by clicking I would like CIPP to create an application for me.

  1. On the next page, click on the Start Setup Wizard button.

  1. Copy the code from the returned step to your clipboard.

  1. Then click on the "HERE" link beside the code.

  1. Enter the code we've copied in the previous step & click Next.

  1. Select the option "Use another account".

  1. This is where we will enter the credentials you've created for the CIPP service account. If you have not yet done that, follow the steps on the Creating the CIPP Service Account page. Remember that this account MUST use multifactor authentication.

  1. Click on the "Continue" button. You may close this window when prompted.

  1. Back in CIPP, click on the link that now appears when you see we've arrived at step number 2.

  1. Login with the CIPP Service Account again.

  1. Click on the Accept button. This will forward you to the page that reports the authentication status. You may close this page when instructed.

  1. Back in CIPP, you should see it says "Setup Completed". You can now click on the "Application Settings" button.

  1. From there, you'll want to click on the "Run Permissions Check" button. This check should show a successful result when all steps have been performed.

And that's it! Now you're ready to move on to adding your tenants and consenting the application.

Last updated