Contact us at 408.675.5020 or

Home Page

Knowledge Base Search     Advanced

Create and Test the Office 365 Connection

Article ID: 236
Last updated: 23 Mar, 2020

Identity Maestro server needs, at minimum, a connection to the primary Directory that hosts the user accounts that will use Identity Maestro to manage user identities and group objects in target systems.  Additional connections can be added using the same procedure once the server is licensed.  

This procedure involves:

Applies to

  • Identity Maestro 4.1.1+

Getting Started

Prior to running the Microsoft Online connection wizard, ensure that the following prerequisites have been met:

  • Identity Maestro has been installed including the MSOnline version 1 components. See Prepare Windows Server to Host Identity Maestro for details.
  • A connection exists in the Connection Utility to the Active Directory domain that will host the user accounts for those users that will be provisioned with Office 365 mailbox accounts.
  • A connection user has been created in the Office 365 subscription instance. That user does not need to be licensed but it must be assigned the Global Administrator role. You need to login into that Office 365 portal as that connection user at least once.
  • Must be able to access the Office 365 administration portal using a web browser from the Identity Maestro server.  This may require specific settings to the corporate firewall(s).
  • Ensure that web services are running and that the Azure AD Remote Agent ( is available in a web browser.

Create a Connection to Office 365

To create an Active Directory connection:

  1. Locate and launch the Identity Maestro (ServiceControl) Connection Utility.

  2. Under "New Connection..." click on "Microsoft Online".

  3. At the "Welcome" window, Click Next.

    If any one of the prerequisite items is not checked, click Cancel and install the missing component.

  4. At the "Provide Azure AD Information" window, provide the domain name for the Office 365 subscription instance (this is normally a normal domain name like, email address of the connection user, and the password. 

    Click Next > to continue.

  5. At the "Choose Local Domain Controller" window, select the AD domain controller for the AD domain that will host the AD user accounts for the Office 365 user mailboxes.  

    Click Next > to continue.

  6. In the "Configuration Results" window, confirm that the information is correct.  Click Back to make changes.

    Click Finish

  7. This will add the Office 365 connection in the connections panel.

  8. If your Office 365 subscription supports multiple domain names, add a connection (steps 2 to 7) for each domain name that Identity Maestro will be used to manage those users.

Add the Connection to the Azure AD Remote Agent & Test the Connection

This procedure will create a matching connection in the Azure AD Remote Agent and complete the configuration and testing of the Microsoft Online connection.

  1. Double-click the Office 365 connection.

  2. Select the Remote Agent tab.

  3. Ensure that the host displays and port displays 40002.  This indicates that the connection will work with the locally installed Remote Agent web application. Click the 1. Update Remote Agent button.  This may take a few minutes.  The Connection Utility will write the connection information to the Remote Agent.

    If the "Agent Status" shows an error, check IIS Manager and confirm that the application pool and website are running.  Perform a Basic Settings Test Settings test to confirm that the configuration is correct.  See Confirm Identity Maestro Websites in IIS Manager for more information.

  4. In the Connection Utility, in the Remote Agent tab, click the Test AAD Connection button.  It should pass.

  5. Click the Update Agent in WE button.  This will write the connection path to the Workflow Engine so that actions from workflows will be passed to the Remote Agent.

  6. Save the connection which will close.

  7. Repeat this procedure for each new MSOnline connection.

Test the Connections

At any point in time, you can check the Office 365 connections by:

  1. In the Connection Utility, double-click the Microsoft Online connection for the Office 365 instance, select the Remote Agent tab and clicking the 2. Test the AAD Connection button.

  2. Click Cancel and close the Connection Utility.

  3. In a web browser on the Identity Maestro server, go to Click on the Swagger icon.

  4. Expand the Connections list and select TestConnection.


  5. Scroll down the Parameters section and click the Example Value.  This will add the text to the white Value req textbox.

  6. Replace "string" with the desired domain name, e.g. Click Try It Out!.


  7. The Response should display an ID value and other details about the domain connection, and the Response Code should be 200.

  8. Close the browser.

This article was:   Helpful | Not helpful Report an issue

Article ID: 236
Last updated: 23 Mar, 2020
Revision: 14
Views: 1587
Comments: 0
print  Print email  Email to friend share  Share pool  Add to pool comment  Add comment
Prev     Next
Office 365 Exchange Online       Install and Configure the Azure License Profile Manager