Documentation Center

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Support Portal
  • Home
  • Microsoft 365 Management

Configure GDAP in Microsoft Lighthouse

Contact Us

If you have questions or want help, please Submit a Request.

Updated at Jul 07, 2025
By Kali Patrick

Table of Contents

Create a Template Assign Roles Assign Security Groups Assign the Template Approve the Admin Relationship Complete the Configuration

Related Docs

  • Getting Started with Microsoft 365 Management
  • Integrate with Microsoft
  • Configure GDAP in Microsoft Partner Center
  • Important Information for CSP Microsoft Integrations

This document provides instructions to help you create Microsoft 365 GDAP relationships and role assignments for the Syncro integration using a GDAP template in Microsoft Lighthouse. This method is especially effective if you have many current customers, as it enables you to design a GDAP template that you can apply to all of them. It also lets you apply the same roles and relationships to future customers with only a few clicks.

Read on, or watch this short video to learn more:

To configure GDAP in Microsoft Lighthouse for the Syncro-Microsoft integration, follow these steps:

Create a Template

  1. Navigate to lighthouse.microsoft.com.
  2. From the left navigation, select Roles > Delegated Access:
  3. Click the "Create a Template" link.
  4. In the side panel, give your template a Name.

Assign Roles

  1. To assign roles, click Edit for the Administrator:
  2. Uncheck all the roles to ensure any unused ones are cleared.
  3. Set the Roles filter dropdown to "All," then check the boxes for the following 12 roles:
    • Application Administrator
    • Authentication Policy Administrator
    • Exchange Administrator
    • Cloud App Security Administrator
    • Cloud Device Administrator
    • Intune Administrator
    • Privileged Authentication Administrator
    • Privileged Role Administrator
    • Security Administrator
    • SharePoint Administrator
    • Teams Administrator
    • User Administrator
  4. Click Save.
  5. Repeat step 1 to double check that only the 12 roles are specified and are the correct ones:
  6. Click Save again to confirm.

Assign Security Groups

Next, you'll assign the security group. This allows members of the group to use the roles for your customers.

  1. Click into the text field for the role (i.e. Administrator) to display suggested security groups.
  2. Select AdminAgents:

    Note: Since the authenticating user must be a member of the AdminAgents group, assigning the required roles to it means they'll only need membership in this group for the integration to work. Assigning roles to a different security group will require the authenticating user to be a member of both the AdminAgents Group and whichever security group is assigned these roles.
  3. Click Save. You now have a template you can assign to your customers.

Assign the Template

  1. To assign the template, click the ellipsis menu to display more actions:
     
  2. Select "Assign Template." A list of the customers who are in a relationship with you will appear. 
  3. Select all or any subset of customers you want to integrate with Syncro, then click Next:
  4. Click Assign and wait a moment.
  5. Now, switch to the Relationships subtab. You'll see all your customers and the relationships you have with them.
    Note: You might notice that none of your customers have templates, even though you just assigned them. That's because it can take about five to ten minutes for the changes to propagate, depending on the number of customers you have. Be patient!
  6. Refresh the screen to check if the propagation is complete. If successful, you'll see the template has been applied.

Approve the Admin Relationship

The next step is to get the relationship accepted by the customer.

  1. Click the caret next to a customer. You'll see all the different relationships that exist for this particular customer:
  2. Select one that's in a Pending state. You'll see an email template you can send to your customer so they can accept the relationship. Here's what that looks like:
  3. Instruct an Admin at the customer tenant to navigate to the provided URL.

Tip: If you have Admin rights, you can approve the relationship yourself:

  1. Open a new tab and paste the URL. This leads to a consent page:

    Note: You'll notice a Next button that stays grayed out for about 15 seconds. Don't worry if it takes longer, that's quite normal. 
  2. Once it's active, click Next. 
  3. Click Next and then click Accept. When this is complete, the relationship has successfully been accepted.

Complete the Configuration

  1. Return to Microsoft Lighthouse. You can close the side panel now. 
    Note: The status will stay in a Pending state. It might take five to ten minutes for it to change to Active.
  2. Repeat the Approval process for every customer you want to integrate. Start from Step 1 of Approve the Admin Relationship.

The system on the Syncro side will automatically update once this relationship changes to Active. The system constantly checks the status and will proceed with the necessary process once it detects the correct roles and permissions.

Was this article helpful?

Yes
No
Give feedback about this article

The integrated platform for running a profitable MSP business

Syncro All-in-one MSP Software Facebook Syncro All-in-one MSP Software Twitter Syncro All-in-one MSP Software LinkedIn Syncro All-in-one MSP Software YouTube Syncro All-in-one MSP Software Reddit
  • Compliance
  • Privacy Policy
  • Website Terms
  • Service Terms
Knowledge Base Software powered by Helpjuice

© 2017-2024 Servably, Inc. All rights reserved.

Expand