Onboard CSP customers - PREVIEW ONLY

Prequisite: If you are a Microsoft Partner and want to onboard CSP customers, you need a Microsoft service account with a Global Admin role.

To onboard CSP customers as a Microsoft Partner, you authenticate your Microsoft service account credentials and then review and approve the N-able application's requested permissions. When authentication is complete, the Microsoft-verified N-able application is registered under your tenant with the granted permissions and the application is listed under Enterprise Applications in the Microsoft partner center.

Next, you map your N-able customers to Microsoft customers (Azure tenants) and forward a Granular Delegated Admin Permissions (GDAP) relationship request to an admin on the customer side to approve. Without approval by the customer, the GDAP relationship cannot be finalized and N-able cannot start ingesting data from the cloud for that customer.

Finally, you review and track your customers' integration status to ensure you obtain GDAP relationship approval.

To onboard CSP customers, the Cloud services setup guides you through the following three steps:

Register the N-able application under your MSP tenant to create a trusted relationship between the N-able application and Microsoft Azure.

In this step, you authenticate with your Microsoft service account credentials and approve the requested permissions for the N-able application.

  1. In the left-hand navigation menu, click Administration > Cloud Commander Setup
  2. Ensure MSP is selected in the drop-down menu and select Start setup

  3. Select Authenticate
  4. In the Microsoft login dialog, use your Microsoft service account credentials to authenticate
  5. Review the permissions requested and select Accept. The option to Consent on behalf of your organization is not required.

  6. If prompted, close popup to proceed

    When Microsoft finishes the registration, a message indicates you are connected. You are now authenticated as an MSP, and the Microsoft-verified N-able application is registered for your MSP organization.

  7. Select Next to go to the map customers step

In this step, you map your N-able customers and sites to Microsoft tenants, and a Granular Delegated Admin Permissions (GDAP) relationship is initiated for each mapped customer.

You do not need to map all your customers now. You can return to this mapping step at any time.

At the end of this onboarding process, your customer must approve the GDAP relationship before their integration can be finalized and Azure Resource Manager can ingest their data from the cloud.

  1. If you are onboarding for the first time, the Cloud services setup guides you to the Map customers step. Otherwise, go to Administration > Cloud Commander Setup.

    Your list of Microsoft tenants (customers) displays.

  2. For any of your Microsoft tenants, click in the N-able customer column and use the drop-down menu to select your N-able customer that maps to the Microsoft tenant

    The integration status changes to Needs approval when you select your N-able customer.

  3. Optionally, you can use the drop-down menu to also select the corresponding N-able site for the customer
  4. Repeat this process for as many customers as you want. You can always return to this mapping step to onboard additional customers.
  5. When you are finished mapping customers, select Next

    The Cloud services setup displays a summary of all the customer mappings you selected.

  6. Review the list of tenants you selected and click Confirm

    The customer list displays the updated Integration status for each mapped customer and provides a link to copy the GDAP relationship approval template. You use this approval template to obtain customer approval.

In this step, you review and track your customers' integration status to obtain GDAP relationship approval. You need customer approval to manage their Azure assets.

  1. If this is not your initial onboarding and you are returning to Cloud Commander Setup to review or obtain customer approval, go to Administration > Cloud Commander Setup

    Your list of Microsoft tenants (customers) displays. The list displays the current integration status for each customer and provides links to copy the GDAP relationship approval template for customers where approval is still needed.

  2. For each tenant that needs approval:
    1. Click Copy approval and when prompted, Copy the Approval template to send to your customer

      The Approval template explains the end customer setup process, and it contains a link for the end customer to follow to complete the N-able application setup.

    2. Paste the approval request into an email and customize the message with your company name, e-mail, and phone number
    3. Send the email to an administrator at the customer so they can approve the request

      The admin for the end customer must approve the request before Azure Resource Manager can ingest data from the cloud. For end customer approval instructions, see the Microsoft documentation.

      After the customer approves the request, the GDAP relationship is created and the integration status updates to Finalize.

    4. Click the link to Finalize approval

      The GDAP relationship is properly configured and the integration status updates to Approved. Azure Resource Manager can now ingest data from the cloud. Data synchronization begins almost immediately, but it may take up to five minutes for the data to collect and display in the Cloud Inventory.

      GDAP relationships are created with an expiration of 730 days, which is the maximum time allowed by Microsoft. Microsoft does not support extension of GDAP relationships to ensure your end customers are actively aware that you have on-going access to their tenant.

      If a GDAP relationship expires, its integration status changes to Not configured, and you must request a new GDAP relationship by onboarding that customer again and repeating the approval process.

To rerun the Cloud services setup at any time to reconfigure existing customers or to onboard new customers, go to .

After you onboard your cloud services, you can make the following changes:

Integration status descriptions

We track and display the status of the GDAP relationship workflow between the Microsoft tenant and your N-able customer.

Status Description Action
Not configured GDAP relationship not established

This status occurs when:

  • Initial status — GDAP relationship not yet defined or attempted
  • Offboarded customer — You have unmapped the customer

 If you want to onboard the customer, select your N-able customer and site that maps to the Microsoft tenant
Needs approval Customer mapping is selected but the GDAP relationship is not yet customer approved When prompted, click the Copy approval link to send to your customer
In-progress Transitional state No action required, but you can refresh the page to get an updated status
Finalize GDAP relationship is approved by the customer When prompted, click the Finalize approval link
Approved GDAP relationship is properly established. Azure Resource Manager can now ingest data from the cloud. No action required
Error GDAP relationship reports an error Resolve the issue causing the error, then use the Reset Approval link to try the customer mapping process again
Pending relationship Customer mapping exists in N-able but the GDAP relationship is terminated in Microsoft Offboard the customer (unmap) and onboard them again
Ignored Customer mapping existed but is now removed No action required
Issues found GDAP relationship cannot be created or can be created with but without all the required access permissions When prompted, click the Accept relationship link and then choose one:
  1. Revalidate — if you think you have resolved the issue and want to retry
  2. Accept — proceed despite the limitations
Approval with limitations Status applied when you accept the GDAP relationship after it had a previous status of Issues found No action required