[Microsoft 365 18.4+] Giving Consent and Acquiring Refresh Token : CloudBlue Technical Support

Microsoft 365 Application
- Automatic Procedure
- Manual Procedure
Federated Credentials Provider Application

Microsoft 365 Application

This section describes how you can grant consent to the permissions that the Microsoft 365 application requires, and, as a result, acquire a refresh token for the application instance that belongs to your CSP partner account. This refresh token will be used by the Microsoft 365 application to make calls to the Partner Center and Graph APIs on behalf of your CSP partner account.

There are two procedures to grant consent and acquire a refresh token: automatic and manual. You should use the automatic procedure if you have administrative access both to your CloudBlue Commerce system and your CSP partner account. You should use the manual procedure if you have administrative access to your CloudBlue Commerce system but do not have administrative access to your CSP partner account.

Automatic Procedure

To give your consent and acquire a refresh token for the application instance that your CSP partner account belongs to, follow these steps:

In the Provider Control Panel, perform the following:
1. Go to Services > Applications. Then, select the APS Connectors tab and click the Microsoft 365 application.
2. Select the Instances tab. Then, click on the application instance that belongs to your CSP partner account.
3. Select the Microsoft 365 tab. Then, select the Settings subtab.
4. Click on the Manage Refresh Token button.
5. In the Automatic Update area, click on the Update Refresh Token button. The login page of the Microsoft Partner Center will be opened in a new browser window.
In the new browser window, perform the following:
1. Sign in using the credentials of a user that has the Global admin and Admin agent roles.
  Note: Multi-Factor Authentication (MFA) must be enabled for the user, as described at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates.
2. Click on the Accept button to give your consent to the permissions that the Microsoft 365 application requires. You will be redirected from the Microsoft Partner Center to a special site.
3. On the Partner Onboarding Web Application page of the site, make sure that the acquisition of the refresh token is being performed successfully: there must be a message like The consent has been granted successfully. The authorization code has been sent ... After that, close the new browser window.
In the Provider Control Panel, perform the following:
1. Make sure that a message like Your refresh token has been successfully updated is shown.
2. Click on the Test Connection button to validate that the Microsoft 365 application can make calls to the Partner Center and Graph APIs on behalf of your CSP partner account using the refresh token.

Manual Procedure

To obtain consent and acquire a refresh token for the application instance that your CSP partner account belongs to, follow these steps:

(This step requires administrative access to your CloudBlue Commerce installation) In the Provider Control Panel, perform the following:
1. Go to Services > Applications. Then, select the APS Connectors tab and click the Microsoft 365 application.
2. Select the Instances tab. Then, click on the application instance that belongs to your CSP partner account.
3. Select the Microsoft 365 tab. Then, select the Settings subtab.
4. Click on the Manage Refresh Token button.
5. In the Manual Update area, click Copy to copy the URL shown on the screen.
6. Send the URL to a person who has administrative access to your CSP partner account.
(This step requires administrative access to your CSP partner account) In a new browser window, perform the following:
Note: The authorization code has a lifetime of several minutes, therefore steps 2 and 3 must be performed as fast as possible.
1. Navigate to the URL that you received. The login page of the Microsoft Partner Center will be opened.
2. Sign in using the credentials of a user that has the Global admin and Admin agent roles.
  Note: Multi-Factor Authentication (MFA) must be enabled for the user, as described at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates.
3. In the Microsoft Partner Center, click on the Accept button to give your consent to the permissions that the Microsoft 365 application requires. You will be redirected from the Microsoft Partner Center to a special site.
4. On the Partner Onboarding Web Application page of the site, copy and write down the authorization code. After that, close the browser window.
5. Send the authorization code to the person who provided you with the URL.
(This step requires administrative access to your CloudBlue Commerce installation) In the Provider Control Panel, perform the following:
Note: The authorization code has a lifetime of several minutes, therefore steps 2 and 3 must be performed as fast as possible.
1. Go to Services > Applications. Then, select the APS Connectors tab and click the Microsoft 365 application.
2. Select the Instances tab. Then, click on the application instance that belongs to your CSP partner account.
3. Select the Microsoft 365 tab. Then, select the Settings subtab.
4. Click on the Manage Refresh Token button.
5. In the Manual Update area, specify the authorization code that you received and click Update.
6. Make sure that a message like Your refresh token has been successfully updated is shown.
7. Click on the Test Connection button to validate that the Microsoft 365 application can make calls to the Partner Center and Graph APIs on behalf of your CSP partner account using the refresh token.

Federated Credentials Provider Application

To grant consent and acquire a refresh token for an endpoint of the Federated Credentials Provider application, use the instructions provided in this article.

Important: For the refresh token to function properly, the time on your Microsoft 365 endpoint host must be correct and match the current time. Otherwise, the refresh token may be considered as expired.