Executing the SAM Setup Wizard
When using the SAM Wizard to create your CIPP-SAM application, it's important to remember the following:
You're using a Chromium-based browser. It MUST allow cookies and have any ad-blocker disabled for the duration of the wizard. Do not use in-private mode.
When you're asked to authenticate during the SAM Setup Wizard, remember to use the CIPP service account credentials. If you do not have a service account prepared, you can do so now by going to the page and following the instructions there.
This guide walks you through the process from the video of executing the SAM Wizard inside CIPP for the first time, and has 3 options based on what you're looking to accomplish. In this example, we use the first-time setup option, but more details on additional options can be found in the sections below.
Create application for me and connect to my tenants
This will guide you through all the necessary steps for connecting to your tenants for the first time. Click the Next Step button to start the process.
Refresh Tokens for existing application
Select this option if you have used the incorrect account to set up the SAM wizard, need to renew tokens due to an expired password, or when you are instructed to do so by the Helpdesk.
Manually enter credentials
Once you've logged into your CIPP instance, navigate to Settings -> SAM Setup Wizard.
For the purposes of this walkthrough, we'll act as if this is your first time running through this process, and you'd like to follow CIPP's recommended settings by clicking Create application for me and connect to my tenants.
Click on the Next Step button.
Copy the code from the returned step to your clipboard.
Then click on the Login to Microsoft button.
Enter the code we've copied in the previous step & click Next.
Select the option "Use another account".
Click on the "Continue" button. You may close this window when prompted.
Back in CIPP, click on the Open Approval Link button that now appears when you see we've arrived at step number 2.
Login with the CIPP Service Account again.
Click on the Accept button. This will forward you to the page that reports the authentication status. You may close this page when instructed.
Back in CIPP, you should see it says "Setup Completed".
You should now navigate to Application Settings > Permissions.
From there, you'll want to review the Permissions Check section. This check should show a successful result when all steps have been performed. If you need to run an updated check, click the Refresh button. If there are any errors, you can click the Details button and further information on the errors will be displayed, including the ability to repair any missing permissions.
Your next step will depend on whether you have existing GDAP relationships to add or need to do a fresh GDAP onboarding.
This option is for advanced users and those following the migration manual in .
This is where we will enter the credentials you've created for the CIPP service account. If you have not yet done that, follow the steps on the page. Remember that this account MUST use multifactor authentication.
If you have existing GDAP relationships move on to .
If you need to do a fresh GDAP onboarding move on to .