Here is the complete list of all the credentials and permissions that are requested during the onboarding process.
Credentials
Owner account
During the first steps of the onboarding process, you will be prompted to enter the User Principal Name and password for a Microsoft 365 account.
This account serves as the ownership account and must have specific characteristics:
- It must be a valid Microsoft Office 365 organizational account, meaning one that is associated with a work or school account.
- The account must be granted the Global Administrator role.
- It does not require an assigned Office 365 license.
- It can be a cloud-only account.
Remember that the administrative credentials (Microsoft 365 admin username and password) you provide during sign-up are not stored or retained by CoreView.
Service accounts
To import reporting data, CoreView creates service accounts for your Microsoft 365 tenant.
Here are the key points of their creation:
- They are read-only accounts, assigned the Global Reader and Reports Reader permissions.
- The number of accounts created depends on the size of your tenant, ranging from 2 to 10.
- They are solely used for connecting to your tenant and collecting reporting data.
- They are not authorized to make any changes within your environment.
- They do not require Office 365 licensing.
Remember not to delete the service accounts after onboarding, or the import of data into CoreView will stop working. Also, remember not to remove the granted permissions for the CoreView Registration App.
Permissions
Mandatory permissions
During onboarding, you will be asked to grant consent to the following Enterprise Applications. Providing permissions for these apps is mandatory to proceed with the onboarding.
- CoreView Portal: required for the user to log into the CoreView web interface.
- Integration App: necessary to collect reporting data from your tenant.
- Registration App: temporary application used to create service accounts.
The purpose, detailed list of permissions, and further information about these apps are available on the article List of CoreView Enterprise applications in our product manual.
Additional consents
After onboarding, when your CoreView Tenant is ready and you log in to the platform, you will be able to provide optional consents:
- Extra consents: these consents are necessary to properly utilize the features and add-ons of CoreView.
- Consent for Microsoft Graph: this is necessary for utilizing all custom management actions.
Please be aware that the number of CoreView app integrations may vary. We assess your tenant and, based on its size and transaction volume, we dynamically generate the necessary number of apps to manage the load CoreView requires.
Additional resources
For more information on Microsoft rights please refer to:
Azure Active Directory Graph API