Skip to content
English
More support Customer portal
Sign in to Gradient
  • There are no suggestions because the search field is empty.

Setting up Microsoft + Pax8 Integration

This article will walk you through everything required to properly configure your Pax8 and Microsoft environments to use our integration.

How to Set Up Pax8 and Microsoft for Integration

This article will walk you through everything required to properly configure your Pax8 and Microsoft environments to use our integration. It includes:

  • ✅ Required permissions and admin access

  • ✅ Authentication setup with Microsoft

  • ✅ How to configure GDAP (Granular Delegated Admin Privileges)

  • ✅ References to Pax8 and Microsoft official documentation

Pax8 Admin Account Requirements

To successfully connect your Pax8 account with our system, the account used must have admin access. This is due to a technical constraint that Pax8 has confirmed and documented — certain API endpoints simply won’t return data unless the authenticating user has admin rights.

✅ How to check if your Pax8 account has admin access

  • Log in to Pax8 at https://admin.pax8.com

  • Navigate to My Account > Roles & Permissions

  • Look for a role that includes “Admin” or “Full Access”

📸 Screenshot: My Account screen showing admin role

🛠️ How to request admin access or create a new admin user

  • An existing Pax8 admin can go to Settings > Users > Add New User

  • Assign the Administrator role

📸 Screenshot: User creation modal

 

🔗 Reference: Pax8 Role Permissions Overview

 

2. Microsoft Authentication Setup

To connect Microsoft data, your account must authorize access with the correct delegated permissions via OAuth.

✅ Required Microsoft Permissions

We request permissions such as:

  • Organization.Read.All

  • User.Read.All

  • Group.Read.All

  • Directory.Read.All

These are needed to:

  • Read license and subscription info

  • Retrieve user and group details for assignment validation

📸 Screenshot: Consent screen showing permission request

How to provide tenant-wide consent

If you’re a Microsoft 365 Global Admin:

  1. Go to: https://login.microsoftonline.com/common/adminconsent?client_id=YOUR_CLIENT_ID_HERE

  2. Sign in and grant consent

  3. You’ll see a confirmation screen when successful

🔗 Reference: Microsoft OAuth Permissions Consent Docs

 

Setting Up GDAP (Granular Delegated Admin Permissions)

GDAP is required by Microsoft for partners (like Pax8 resellers) to manage customer tenants. Without GDAP, Microsoft APIs will not return customer-level data.

If you’ve never set up GDAP before, this section will walk you through the recommended approach

What is GDAP?

Granular Delegated Admin Privileges (GDAP) is Microsoft’s new model that replaces DAP (Delegated Admin Privileges) for security and control improvements.

🔗 Reference: Microsoft GDAP Overview

✅ How to check if you have GDAP relationships

Use Microsoft Partner Center:

  1. Go to https://partner.microsoft.com

  2. Navigate to Customers

  3. Select a customer > go to Admin relationships

  4. Look for “GDAP” under relationship type

📸 Screenshot: Partner Center with GDAP column highlighted

 

🛠️ How to create a GDAP relationship 

  1. Log into Microsoft Partner Center

  2. Go to Customers > Add GDAP

  3. Select the customer and define required roles

  4. Send relationship request link to the customer

  5. Once approved, the GDAP is active (usually within minutes)

📸 Screenshot: Role selection during GDAP creation

 

🔗 Official Microsoft Guide:

Create GDAP Relationships