Start a Cloud Commander trial and setup
This page contains instructions to initially set up Cloud Commander.
- Step 1: Start a Cloud Commander trial
- Step 2: Prepare and authenticate a service account
- Step 3: Select the customers you want to onboard
- Step 4: Assign users to the default platform user groups
Requirements
- The person requesting the Cloud Commander trial must be able to create a service account in your Microsoft Partner Center, which requires the following permissions:
  - Admin Agent role in your Microsoft Partner Center.
  - Global Admin Microsoft Entra ID role in your MSP organization's tenant.
- The email address you provide for the person starting the trial must be able to receive email from N-able.
- Enrollment as a Microsoft Cloud Solution Provider. See Check your Microsoft account.
- An established relationship with your customers in Microsoft Partner Center. See Verify customer relationships.
- If applicable, you may need to adjust your customer tenant Conditional Access policies to allow Cloud Commander to operate. The service accounts you use with Cloud Commander must be able to sign in to your Partner Center and customer tenants from our environment. For more information about the policy adjustments that are needed, see this Microsoft article.
Step 1: Start a Cloud Commander trial
- Go to https://www.n-able.com/products/cloud-commander/trial.
- Enter your contact information.
- Enter an email address that can receive email from N-able.
- Select Start Your Free Trial.
A welcome email is sent to the email address, which includes a link to the Cloud Commander login page. Do not forward the link—it only works for the registered account. The link expires in 14 days.
If you don't receive the email or if the link expires, contact your sales representative or our support team.
- From the welcome email, select the link and sign in to Cloud Commander with the account credentials for the email address you used to request the trial.
- Review the permissions requested and select Consent on behalf of your organization to allow others to sign into Cloud Commander.
- Select Accept.
You are redirected to the Onboarding Assistant, which guides you through the initial setup steps.
The Onboarding Assistant guides you to prepare a service account in the Microsoft Partner Center with the following attributes:
- Member of the Admin Agents group in Microsoft Entra ID.
- Global Admin Microsoft Entra ID role.
- Microsoft Entra ID multifactor authentication (MFA)—If you implement any third-party MFA for the service account, you can't manage customer environments using GDAP and Cloud Commander.
- Conditional access policies must not limit the account.
After your service account is set up, the Onboarding Assistant guides you to authenticate and register the Cloud Commander application.
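The following added example (not N-able code and not part of the original page) checks a service account against the attributes listed above before you authorize it. It assumes the Microsoft Graph PowerShell SDK is installed, that the Admin Agents group has its default display name `AdminAgents`, and that `$Upn` is a placeholder you replace; it does not evaluate Conditional Access policies.

```powershell
# Added example. $Upn is a placeholder for your service account's sign-in name.
$Upn = 'cc-service@contoso.example'

# Role template ID of the built-in Global Administrator role.
$GlobalAdminTemplateId = '62e90394-69f5-4237-9190-012177145e10'

Connect-MgGraph -NoWelcome -Scopes @(
    'User.Read.All', 'Directory.Read.All', 'UserAuthenticationMethod.Read.All')

$user = Get-MgUser -UserId $Upn -ErrorAction Stop

# Transitive membership returns groups and activated directory roles.
# Roles that are only PIM-eligible (not activated) do not appear here.
$memberOf = Get-MgUserTransitiveMemberOf -UserId $user.Id -All

# Assumption: the Partner Center group uses its default name "AdminAgents".
$inAdminAgents = [bool]($memberOf | Where-Object {
    $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.group' -and
    $_.AdditionalProperties['displayName'] -eq 'AdminAgents'
})

$isGlobalAdmin = [bool]($memberOf | Where-Object {
    $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' -and
    $_.AdditionalProperties['roleTemplateId'] -eq $GlobalAdminTemplateId
})

# Authentication methods registered in Microsoft Entra ID for the account.
# Only a password method means Entra ID MFA has not been set up yet.
$methods = Get-MgUserAuthenticationMethod -UserId $user.Id | ForEach-Object {
    $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
}
$hasEntraMfaMethod = [bool]($methods |
    Where-Object { $_ -ne 'passwordAuthenticationMethod' })

# Summary: every boolean should be True before you authorize the account.
[pscustomobject]@{
    ServiceAccount    = $user.UserPrincipalName
    InAdminAgents     = $inAdminAgents
    IsGlobalAdmin     = $isGlobalAdmin
    HasEntraMfaMethod = $hasEntraMfaMethod
    RegisteredMethods = $methods -join ', '
}
```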
Step 2: Prepare and authenticate a service account
As the first Cloud Commander user who requested the trial, you are assigned the following platform roles for your MSP organization:
- Administrators
- Role Administrators
- User Group Administrators
- Command Block Job Log Reader
- Partner Center Customer Writer
- On the first page of the onboarding assistant, select Let's get started.
- Prepare your service account by choosing to generate a new service account or using an existing service account:
Generate a service account:
- Select Generate service account.
  We generate the service account and display the credentials.
- Select Copy to clipboard and then Continue.
- Review the authorization information and select the checkbox indicating that you understand the multifactor authentication requirement.
- Select Authorize with your service account.
  A Microsoft login dialog displays with the username populated.
- Paste in the one-time password you copied earlier and select Sign In.
- Update the password.
- Follow the Microsoft prompts to set up multifactor authentication. MFA is a requirement for Microsoft Partner Center and Cloud Commander.

Use an existing service account:
- Select I already have a service account.
- Review the authorization information and select the checkbox indicating that you understand the multifactor authentication requirement.
- Select Authorize with your service account.
- In the Microsoft login dialog, use your service account credentials to authenticate.
- Follow the Microsoft prompts to set up multifactor authentication. MFA is a requirement for Microsoft Partner Center and Cloud Commander.
- In the Microsoft dialog, review the permissions requested and select Accept. The required permissions are only for the N-able application.
Following least privilege practice, we recommend you don't select Consent on behalf of your organization. Consenting may grant unintended elevated privileges to users in your organization.
- If prompted, close the popup to proceed.
Cloud Commander is now connected, and we can access your Microsoft Partner Center to look for your customers and GDAP relationships.
- Select Continue to Cloud Commander to onboard your customers.
Step 3: Select the customers you want to onboard
Cloud Commander displays the list of Microsoft customers it found in your Microsoft Partner Center.
When you
We track and display the status of the GDAP relationship between the customer and Cloud Commander. See Status descriptions.
- Filter or search to find the customer you want to onboard, click in the Request approval status column of the customer, and select Enabled.
You can enable multiple customers now before you move to the next steps. You can also return to Microsoft Cloud Access later to add more customers.
- If you already have a GDAP relationship with a customer that has the necessary permissions, the customer's status updates to Approved, and Cloud Commander can import data from the cloud for the customer.
- If there isn't an existing GDAP relationship or if additional permissions are needed, Cloud Commander creates the relationship, but the status is Needs approval because customer approval is required.
Select Copy approval to copy the link that's required to approve the GDAP request. Send the link to an administrator for the customer so they can approve the request. For instructions, see the Microsoft documentation.
When the customer approval is complete, the GDAP relationship status updates to Approved.
- If the customer's status changes to Issues found, select Review limitations to view more information, and then choose one of these actions:
  - If you don't plan to manage Microsoft Azure resources for the tenant and want to accept the current relationship, select Cancel.
    The status for the tenant remains Issues found, and you can manage the tenant in Cloud Commander but without Microsoft Azure access.
  - If you do plan to manage Microsoft Azure resources for the tenant, follow the instructions in this article to update the licenses of the tenant in your Microsoft account.
    When complete, go back to the Cloud Commander Review limitations dialog for the tenant and select Revalidate.
- Select Refresh at the top of the dialog to update the customer's status.
It can take several minutes for the Microsoft process to complete. When a customer GDAP relationship is finalized, its status is Approved or Issues found, and Cloud Commander can import data from the cloud for the customer. It may take up to five minutes for the collected data to display in Cloud Commander.
For information about onboarding more customers after the initial setup, see Onboard CSP customers.
When your first customer is onboarded, Cloud Commander creates Default platform user groups with their roles scoped to that customer. Each time you onboard a new customer, the default platform user groups' scopes expand to include that new customer.
When you onboard a customer, you are added as a member to the default platform user groups for that customer. You are also assigned the following roles:
- User Administrators scoped to your MSP organization
- Administrators scoped to the onboarded customer
- Role Administrators scoped to the onboarded customer
The service account you authenticated in Step 2 is added as a member to the default platform user groups.
Step 4: Assign users to the default platform user groups
Cloud Commander includes the following default platform user groups to get you started. You add users to the groups according to job responsibility. After Cloud Commander is set up, you can customize these groups or create your own platform user groups as needed:
- CC Admins
- CC Technicians
- CC License Admins
You can assign more users to the default platform user groups now or later. For more information, see Manage platform user groups.
To best illustrate how to assign users to the default platform user groups, the following task shows the steps for adding users to the CC Technicians group. The steps are the same when you add users to other groups.
- On the , select Identity > Groups.
  If the group list is empty or you can't find a specific group, select Refresh to show the most recent data.
- Search for CC Technicians and select its name to view the details.
- Go to the Members tab.
- Select Assign members.
When multiple customers are selected in the global customer selector, only options that apply to all selected customers display.
- Select the checkbox for one or more users to add to the group and select Next.
- Review the list of members to add. If you need to make changes, select Back. Otherwise, select Done.
The user(s) are added to the group and display on the members list.
Status descriptions
As you onboard your customer tenants, we track their integration status using the following states:
An existing GDAP relationship in Approval pending state is not supported, and you must go to the Microsoft Partner Center to follow the manual approval process.
State | Description | Action |
---|---|---|
Not configured | GDAP relationship not established. This status occurs when: | |
Needs approval | Select Copy approval to copy the link that's required to approve the GDAP request. Send the link to an administrator for the customer so they can approve the request. For instructions, see the Microsoft documentation. | |
Approved | The GDAP relationship is fully configured and ready to use. Cloud Commander can import data from the cloud. | No action required. |
Issues found | GDAP relationship can't be created, or it can be created but without all the required access permissions. | If the customer's status changes to Issues found, select Review limitations to view more information, and then choose one of these actions: |
Awaiting Microsoft | Due to the asynchronous mode of Microsoft processing external requests, this status displays when Cloud Commander is waiting for Microsoft to complete processing. | No action required. |
Related articles
- Requirements for Cloud Commander
- FAQs—Microsoft Cloud Access
- Platform role management
- Identity/User management
Updated: Aug 15, 2024