Executing the SAM Setup Wizard
Walkthrough Video for Running the SAM Setup Wizard
When using the SAM Wizard to create your CIPP-SAM application, it's important to remember the following:
You're using a chromium based browser. It MUST allow cookies and have any ad-blocker disabled for the duration of the wizard. Do not use in-private mode.
When you're asked to authenticate during the SAM Setup Wizard, remember to use to the CIPP service account credentials. If you do not have a service account prepared you can do so now by going to the Creating the CIPP Service Account page and following the instructions there.
This guide walks you through the process from the video of executing the SAM Wizard inside CIPP for the first time, and has 3 options based on what you're looking to accomplish. In this example, we use the first-time setup option, but more details on additional options can be found in the sections below.
Create application for me and connect to my tenants
This will guide you through all the necessary steps for connecting to your tenants for the first time. Click the Next Step button to start the process.
Refresh Tokens for existing application
Select this option if you have used the incorrect account to setup the SAM wizard, need to renew tokens due to an expired password, or when you are instructed to do so by the Helpdesk.
Manually enter credentials
This option is for advanced users and those following the migration manual in Migrating to a hosted instance of CIPP.
Walkthrough Steps for Running the SAM Setup Wizard
Once you've logged into your CIPP instance, navigate to
Settings
->SAM Setup Wizard
For the purposes of this walkthrough, we'll act as if this is your first time running through this process, and you'd like to follow CIPP's recommended settings by clicking
Create application for me and connect to my tenants
.Click on the
Next Step
button.Copy the code from the returned step to your clipboard.
Then click on the
Login to Microsoft
button.Enter the code we've copied in the previous step & click Next.
Select the option "Use another account".
This is where we will enter the credentials you've created for the CIPP service account. If you have not yet done that, follow the steps on the Creating the CIPP Service Account page. Remember that this account MUST use multifactor authentication.
Click on the "Continue" button. You may close this window when prompted.
Back in CIPP, click on the
Open Approval Linl
button that now appears when you see we've arrived at step number 2.Login with the CIPP Service Account again.
Click on the
Accept
button. This will forward you to the page that reports the authentication status. You may close this page when instructed.
Back in CIPP, you should see it says "Setup Completed".
You should now navigate to Application Settings > Permissions.
From there, you'll want to review the Permissions Check section. This check should show a successful result when all steps have been performed. If you need to run an updated check, click the Refresh button. If there are any errors, you can click the Details button and further information on the errors will be displayed, including the ability to repair any missing permissions.
Next Steps
Your next step will depend on if you have existing GDAP relationships to add or if you need to do a fresh GDAP onboarding.
If you have existing GDAP relationships move on to Adding Tenants & Consenting the CIPP-SAM Application.
If you need to do a fresh GDAP onboarding move on to Tenant Onboarding.
Last updated
Was this helpful?