Office365 Assigning Administrator roles
We described above, office365 federated authentication to achieve SSO and office365 Active Directory synchronization configuration filter, after the above introduction, we still have a problem is more important, that is the authority problem, For the purpose of configuring SSO for easy login and management of the Office365 portal page, when synchronizing multiple users to office365 from the local active directort, how to assign permissions to the non-user, authorizing those local active Directory has the right to manage office365 portal functions, today on the office365 of the rights assigned to do the introduction, first of all, we know that office365 on the body of the authority distribution there are 5 different,
Billing Administrator : Make purchases, manage subscriptions, manage support tickets, and monitor service health.
Note If you do not purchase Office 365 from Microsoft, you cannot make a billing change, so you cannot assign the account Administrator role to you. For billing issues, contact the administrator of the Organization for which you purchased the subscription.
Global Administrator : access to all administrative functions. A global administrator is the only administrator who can assign other administrator roles. You can have more than one global administrator in your organization. People who sign up for Office 365 will become global administrators.
Password Administrators : Reset passwords, manage service requests, and monitor service health. Password administrators are limited to resetting passwords for users and other password administrators.
Service Administrator : manages service requests and monitors service health.
Note Before global administrators can assign the service administrator role to users, they should first assign user administrative permissions to the service (such as Exchange Online), and then assign the service administrator role to users in Office 365.
User Management administrator : Resets passwords, monitors service health, and manages user accounts, user groups, and service requests. User Management Administrators cannot delete global administrators, create additional administrator roles, or reset passwords for accounts, global, and service administrators.
Some administrator roles in Office 365 have corresponding roles in Exchange Online, SharePoint online, and Lync online. See the following table to learn how these Office 365 Administrator roles are converted to roles in different Office 365 services
650) this.width=650; "title=" clip_image002 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image002" src= "http://s3.51cto.com/wyfs02/M00/5A/08/wKiom1T0DXSx-eI_AADBo1aNtSA636.jpg" height= "287"/>
View Administrator rights by role
650) this.width=650; "title=" clip_image004 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image004" src= "http://s3.51cto.com/wyfs02/M01/5A/08/wKiom1T0DXTAcynaAAGfcR8lUIc690.jpg" height= "761"/>
After the configuration is in effect, we can login to the OFFICE365 portal page via the local AD user
Authorization for the local AD user;
650) this.width=650; "title=" clip_image006 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image006" src= "http://s3.51cto.com/wyfs02/M02/5A/08/wKiom1T0DXSQ0aw3AAClF_HiKf4491.jpg" height= "268"/>
The default sync ad user is unable to manage the Office365 portal page,
Show portal page for Outlook only after default login
650) this.width=650; "title=" clip_image008 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image008" src= "http://s3.51cto.com/wyfs02/M00/5A/08/wKiom1T0DXWyoNamAACqEvvOYAg843.jpg" height= "267"/>
After we log on by using the default permissions of the local Active Directory user, click Admin---office365
650) this.width=650; "title=" clip_image010 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image010" src= "http://s3.51cto.com/wyfs02/M01/5A/08/wKiom1T0DXWDK7dpAAC-pOlvvbY427.jpg" height= "322"/>
Discovery can only jump to this page, this page cannot manage the function of office365
650) this.width=650; "title=" clip_image012 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image012" src= "http://s3.51cto.com/wyfs02/M02/5A/08/wKiom1T0DXWBtT2zAAENB2mOwzo033.jpg" height= "317"/>
Current landed local Active Directory user
650) this.width=650; "title=" clip_image014 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image014" src= "http://s3.51cto.com/wyfs02/M00/5A/08/wKiom1T0DXWhix1UAAELhA-YcEY149.jpg" height= "311"/>
What if you want to add office365 Portal Admin page permissions to the specified user?
We log on to the Office365 administration page through the administrator----the active user----Select the user who needs authorization---edit;
650) this.width=650; "title=" clip_image016 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image016" src= "http://s3.51cto.com/wyfs02/M01/5A/08/wKiom1T0DXWzmqlrAAC2QdD4aa0772.jpg" height= "271"/>
Default is no role assigned----NO
650) this.width=650; "title=" clip_image018 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image018" src= "http://s3.51cto.com/wyfs02/M00/5A/08/wKiom1T0DXWw3CKfAABwmbXjtBY009.jpg" height= "281"/>
We choose to assign a role---is----Select the Assign Administrator role type----then enter an alternate email address, the way password expires---and then save
To test, we give the user the largest selection---global Administrator
650) this.width=650; "title=" clip_image020 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image020" src= "http://s3.51cto.com/wyfs02/M01/5A/04/wKioL1T0DoaRQa09AAB_yqZlrxk251.jpg" height= "273"/>
We can also see the assigned role type
650) this.width=650; "title=" clip_image022 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image022" src= "http://s3.51cto.com/wyfs02/M01/5A/08/wKiom1T0DXXS_wr7AAB7-HPD504688.jpg" height= "280"/>
Can be saved after confirmation
650) this.width=650; "title=" clip_image023 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image023" src= "http://s3.51cto.com/wyfs02/M00/5A/08/wKiom1T0DXaxZ7m_AAB_pV6plKI070.jpg" height= "273"/>
After saving, we log in again
Click Administrator---office365
650) this.width=650; "title=" clip_image025 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image025" src= "http://s3.51cto.com/wyfs02/M01/5A/04/wKioL1T0DoeTzLJ4AACufoaiTR4965.jpg" height= "296"/>
Found that the user has permission to manage office365.
650) this.width=650; "title=" clip_image027 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;margin:0px;border-left:0px;padding-right:0px; "border=" 0 "alt = "clip_image027" src= "http://s3.51cto.com/wyfs02/M02/5A/04/wKioL1T0DofD1lgPAADnRCzHnWM701.jpg" height= "315"/>
We can also learn about the user information in those rights groups by clicking the active user----Selecting the option to try----View the role type, and here we select the Global administrator-----There are two administrators, Gavin as local administrators.
650) this.width=650; "title=" clip_image029 "style=" border-top:0px;border-right:0px;background-image:none; border-bottom:0px;padding-top:0px;padding-left:0px;border-left:0px;padding-right:0px, "border=" 0 "alt=" clip_ image029 "src=" http://s3.51cto.com/wyfs02/M02/5A/08/wKiom1T0DXbSNYrEAAC4OJkReOk498.jpg "height=" 268 "/>
This article from "Gao Wenrong" blog, declined reprint!
Office365 Assigning Administrator roles