Using Service Principal Authentication (SPA) to create custom roles

Kaitlyn Henson

Topic

This article explains how to use Service Principal Authorization to create custom roles in NinjaOne SaaS Backup.

Environment

NinjaOne SaaS Backup

Description

You can use Service Principal Authorization to create custom roles in NinjaOne SaaS Backup. Review the sections below to learn how.

How do I find the SPA toggle?

  1. Log in to the Partner Portal
  2. Go to the Organization Page
  3. Select an Organization, then click "View Details"
  4. The SPA toggle is available under the Features tab

What is the default value of the SPA toggle?

The SPA toggle is disabled by default.

What is the effect on the End-User Portal once the toggle is activated?

Users will be redirected to use manual custom role creation while adding M365 backup. On the other hand, when the toggle is deactivated, users will be redirected to use the automated custom role creation while adding M365 backup.

What does manual custom role creation mean when adding the M365 backup?

Manual custom role creation refers to the manual process of creating a role with minimum necessary permissions to perform backup tasks. The role is created by running a PowerShell script. In the manual flow, users must download and run the PowerShell script instead of letting NinjaOne SaaS Backup run it. 

Follow these steps to add M365 backup with manual custom role creation:

  1. Log in to the End-User portal
  2. Click the "+Add Backup" button on the Dashboard page.
  3. Click the "Sign in with Microsoft 365" button
  4. Enter the M365 Global admin account
  5. Click the "Accept" button
  6. Once the consent is granted, the user will be redirected to the M365 AUTHORIZATION page. There are two steps in total.
    1. Step One - Create Backup Application - sub-applications are created in the user's tenant (may take a few seconds to complete)
    2. Step Two - Click the "Verify & Continue" button to complete the authorization. Follow all three of the provided instructions for a successful result:
      1. Download the PowerShell script by clicking the provided button
      2. Open your PowerShell command prompt, then run the script (point 2.1) and let it run to completion
      3. A brief FAQ section has been included to further assist you in understanding the flow
  7. Once authorization is successful, you will be redirected to the M365 account list page where you can start selecting mailboxes to backup.
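
Because the manual flow has an administrator run a downloaded script, the following added example (not NinjaOne's code and not part of the original article) reviews that file without executing it: it records a hash, reports the Authenticode status, and lists every command the script calls so the role-related ones can be compared against the "minimum necessary permissions" description. The script path is a placeholder, and the list of constructs flagged for a manual read is this example's own choice. It assumes Windows PowerShell or PowerShell 7 on Windows.

```powershell
# Added example: static review of the downloaded role-creation script.
# -ScriptPath is a placeholder; point it at the file you downloaded.
param(
    [Parameter(Mandatory)]
    [string]$ScriptPath
)

$ErrorActionPreference = 'Stop'
$resolved = (Resolve-Path -LiteralPath $ScriptPath).Path

# 1. Record a hash so the file that was reviewed is provably the file that is run.
$hash = Get-FileHash -LiteralPath $resolved -Algorithm SHA256

# 2. Report the signature status (the article does not state whether the script is signed).
$sig = Get-AuthenticodeSignature -LiteralPath $resolved

# 3. Parse the script without executing it and collect every command it invokes.
$tokens = $null
$parseErrors = $null
$ast = [System.Management.Automation.Language.Parser]::ParseFile(
    $resolved, [ref]$tokens, [ref]$parseErrors)

$commands = $ast.FindAll(
    { param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true) |
    ForEach-Object { $_.GetCommandName() } |
    Where-Object { $_ } |
    Group-Object |
    Sort-Object Count -Descending

# 4. Commands that touch roles: read these to see which permissions the role receives.
$roleCommands = $commands | Where-Object { $_.Name -like '*Role*' }

# 5. Constructs that deserve a line-by-line read (dynamic execution, downloads, new processes).
$reviewPattern = '^(Invoke-Expression|iex|Invoke-WebRequest|Invoke-RestMethod|Start-Process|Add-Type)$'
$flagged = $commands | Where-Object { $_.Name -match $reviewPattern }

[pscustomobject]@{
    Path            = $resolved
    SHA256          = $hash.Hash
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    ParseErrors     = $parseErrors.Count
    AllCommands     = ($commands | ForEach-Object { "$($_.Name) x$($_.Count)" }) -join ', '
    RoleCommands    = ($roleCommands.Name -join ', ')
    NeedsManualRead = ($flagged.Name -join ', ')
}
```

Save the block as its own `.ps1` file and pass the downloaded script with `-ScriptPath`; an empty `NeedsManualRead` field does not replace reading the role commands and their parameters in the script itself.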

What does automated custom role creation mean when adding the M365 backup?

Automated custom role creation refers to the automated process of creating a role with minimum necessary permissions to perform backup operations. The role is created by running a PowerShell script. In the automated flow, NinjaOne SaaS Backup will run the PowerShell script instead of letting users do so.

To add M365 backup with automated custom role creation, follow these steps:

  1. Log in to the End-User portal
  2. Click the "+Add Backup" button on the Dashboard page
  3. Click the "Sign in with Microsoft 365" button
  4. The system shows two options. Select the second line to use Service Principal Authentication (SPA). The first line corresponds to the current authorization, which still involves Global Admin creation.
  5. Enter the M365 admin account
  6. Scroll down the page and click the "Accept" button to allow our application to be backed up
  7. Once the consent is granted, the user will be redirected to the M365 AUTHORIZATION page. There are two steps in total.
    1. Step One - Create Backup Application - sub-applications are created in the user's tenant (may take a few seconds to complete)
    2. Step Two - Device Authorization - start by clicking the available link
  8. The system will redirect you to a new Microsoft window. Copy the code from the portal and paste it there, then click the "Next" button
  9. Select the correct email admin
  10. Click the "Continue" button
  11. Once you see this screen, device authorization is complete. You may close the window.
  12. Back in the End-User portal, click the "Verify & Continue" button to finish this step
  13. Once it is successful, the system will list all of the M365 Accounts on this tenant. Select the account you wish to add to the backup
