The VMware Identity Manager service currently includes provisioning adapters for Microsoft Office 365. Complete the following steps to configuring the Provisioning Adapter for Office 365.

  1. Navigate to Apps & Books > Applications > Web > SaaS and select New.
  2. In the Definition tab browse for Office 365. Complete the Definition tab and Select Next. For more information, see Add SaaS Applications in the AirWatch Console .

  3. Complete the text boxes in the Configuration tab. For more information, see Add SaaS Applications in the AirWatch Console .
  4. Enable Setup Provisioning. By default, the provisioning setup is disabled. Once you select Setup Provisioning, Provisioning, User Provisioning,༔ and Group Provisioning tabs added to the left navigation.
  5. Add Client Access Policies for Office 365 clients. For information, see Add Office 365 Applications with a Client Access Policy.

  6. In the Provisioning tab, select Enable Provisioning, and enter the following information:

    Setting Description
    Office 365 Domain Enter the Office 365 domain name. For example, example.com. Users are provisioned under this domain.
    Application Client ID Enter the AppPrincipalId obtained when creating the service principal user.
    Application Client Secret Enter the password created for the service principal user.
  7. By default, Provision With License is disabled. On selecting Provision With License, you can enter the following information:

    Setting Description
    SKU ID Enter the SKU information.
    Remove License When De-Provisioned Select the option if you want to remove the license when you deprovision Office 365 application.
  8. To verify that the Office 365 tenant can be reached, Select Test Connection.
  9. Select Next.
  10. In the User Provisioning tab, select the attributes with which to provision users in Office 365.

    Make sure that the following required Active Directory attributes are configured to one of the required attribute names in the User Attributes page:

    1. The Mail Nickname attribute must be unique within the directory and cannot contain any special characters. Map the Mail Nickname attribute to user name. Once mapped, do not change the Mail Nickname.

    2. The objectGUID attribute is a custom attribute that first must be added to the User Attribute list. The ObjectGUID

      is mapped to the GUID attribute.

    Select Add Mapped Value, if you want to add an Attribute Name and Value.

    Note:

    The UserPrincipalName (UPN) is constructed automatically. You do not see the mapped value. The provisioning adapter appends the Office 365 domain to the mailNickname attribute value (user.userName) to create the UPN. This is appended as, user name +@+ O365_domainname. For example, jdow@office365example.com

  11. Select Next.
  12. In the Group Provisioning screen, you can complete the Group Provisioning task. When a group is provisioned in Office 365, the group is provisioned as a security group. The members of the group are provisioned as users, if they do not exist in the Office 365 tenant. The group is not entitled to resources when provisioned. If you want to entitle the group to resources, create the group and then entitle resources to that group. Select Add Group and complete the following steps:
    1. In the Select Group text box, search for the group to be provisioned in Office 365.

    2. In the Mail Nickname text box, enter a name for this group. The nickname is used as an alias: Special characters are not allowed in the nickname.

    3. Select Save.

    You can deprovision a group in the Office 365 application. The security group is removed from the Office 365 tenant. Users in the group are not deleted. To deprovision a group, select the user group and Select Deprovision .
  13. Select Next to view the Summary tab.
  14. Select Save to Save the configurations or Save and Assign to deploy Office 365 to users and groups configured from your Active Directory system.