Note: It can take up to 15-20 minutes from the time you start the Azure VM until the installation completes. Allow this time to pass before performing the steps below.
The DayOne configuration includes the following steps:
Creating an application in Azure
Optional - Creating a certificate that matches your server FQDN
Creating an application in Microsoft Azure
1. Sign in to your Microsoft Azure account: Azure portal
2. Select Azure Active Directory
3. Select App registrations
4. Select New registration
5. Create a web application and fill in https://Server.FQDN in the Redirect URI section
6. Copy the Application ID from the Overview tab
7. Select Authentication
8. In the Advanced Settings section, select (check) ID tokens.
If you do not wish to install the Sync Service, click the Save button. Otherwise, continue without clicking Save.
Note: The following is the configuration for the DayOne On-Prem Sync Service. If you are not setting up the Sync Service, continue to the Basic Configuration section.
9. Also check Access tokens
10. Select API permissions
11. Select Add permissions
12. Select APIs my organization uses and search for Microsoft Graph
13. Select Microsoft Graph
14. Select Application permissions
15. Select User.Read.All
16. Select Grant admin consent for <YourAppName>
17. Select Certificates & secrets
18. Select New client secret
19. Enter a description and select an expiration
20. Copy the secret value
21. Create an Organizational Unit in Active Directory in which the users will be created, and copy its distinguishedName.
22. Exclude this Organizational Unit from Azure AD Connect synchronization.
23. Create an administrative account with permissions to create/delete/modify users in this Organizational Unit.
24. Start the installation: "DayOne On-Prem Sync Service Setup.msi"
25. In Set Service Login, enter the credentials for the user created in step 23.
26. Edit the service configuration file located in "C:\Program Files (x86)\DayOne Write Back Service\DayOne On-Prem Sync Service.exe.config".
27. Set the following:
28. Service Events in Event Viewer:
Events source “DayOne Write Back Service”
You should see the following page:
2. Fill in your tenant domain and the application ID (that you copied in a previous step)
3. Wait 1 minute and then refresh the page
You should be redirected to Microsoft Azure Active Directory and will be required to authenticate
4. Once authenticated, you should see the following DayOne dashboard page
5. First configure the Admins
Click on the “hamburger” menu (Top-Left) and select Admins
Press the + sign and fill the admin information
6. An optional step is to change the web application certificate to one of your own
Go to Settings in the “hamburger” menu
Prepare a PKCS#12 .pfx certificate file
Input the private key password
Press CHANGE and upload the certificate
Wait 1 minute for the update process to complete before refreshing the page
7. Go to Tenants and configure the tenants you would like to sync objects with (From or To)
The user that will be configured in this section requires the following permissions:
In Microsoft Azure:
2. In Exchange online:
Fill in the tenant and user’s details (following is only an example)
8. Go to Connectors
9. Click the + sign in the Connectors section
Trusted Tenant – Sync users from this tenant
Trusting Tenant – Sync users to this tenant
Active – Enable/Disable the sync operation for this connector
Member[On] Guest[Off] – Whether synced users will be created as “Guests” or as “Members” in the target tenant
Deletion Enabled – Whether users are deleted in the target tenant when they are deleted in the source tenant (only users that were created by the connector will be deleted by it)
Deletion Threshold – If the number of users to be deleted is above this threshold, no deletion will occur and a warning will be issued (0 is no limit)
Display Objects – Enable/Disable displaying synced users in the address books of the target tenant
Display Name – Whether the display name is synced as is or changed according to organization policy
Display Name Suffix – Will be added to all synced users in the destination tenant
10. Each connector has inclusions and exclusions of its own. You can import a list of emails into each of these using a text file that contains one email address per line
Exclusions – Users in this list will not be synced. If they have already been synced by this connector, they will be deleted (if deletion is enabled and the number of objects to be deleted is within the threshold)
Inclusions – If this list contains users, only those users will be synced. If this connector synced other users, they will be deleted (if deletion is enabled and the number of objects to be deleted is within the threshold)
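The Inclusions, Exclusions, Deletion Enabled and Deletion Threshold rules above can be modelled offline to preview what an import file would do before it is applied to a connector. The following is an added example, not DayOne's code: the function and class names are hypothetical, the addresses are constructed, and it assumes an address present on both lists is treated as excluded, which the page does not state.

```python
# Added example: offline model of the connector rules; not DayOne's code.
from dataclasses import dataclass, field


def parse_email_list(text):
    """Parse an import file (one address per line) -> (emails, rejected)."""
    emails, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        local, at, domain = line.partition("@")
        ok = at and local and "." in domain and "@" not in domain
        if ok and " " not in line:
            emails.add(line.lower())
        else:
            rejected.append((lineno, raw))  # surface bad lines, do not guess
    return emails, rejected


@dataclass
class Connector:  # hypothetical names mirroring the settings listed above
    deletion_enabled: bool = False
    deletion_threshold: int = 0  # 0 is no limit
    inclusions: set = field(default_factory=set)
    exclusions: set = field(default_factory=set)


def plan_sync(conn, source_users, created_by_connector):
    """Return (to_sync, to_delete, warning) for one sync pass."""
    in_scope = {u.lower() for u in source_users}
    if conn.inclusions:  # a non-empty list restricts the sync to its members
        in_scope &= conn.inclusions
    in_scope -= conn.exclusions  # assumption: exclusion wins over inclusion
    # Only users this connector created are ever deletion candidates.
    candidates = {u.lower() for u in created_by_connector} - in_scope
    if not conn.deletion_enabled:
        return in_scope, set(), None
    limit = conn.deletion_threshold
    if limit and len(candidates) > limit:
        return in_scope, set(), f"{len(candidates)} deletions exceed threshold {limit}"
    return in_scope, candidates, None


if __name__ == "__main__":
    src = {f"user{i}@fabrikam.example" for i in range(1, 6)}  # constructed data
    conn = Connector(True, 2, inclusions={"user1@fabrikam.example"})
    print(plan_sync(conn, src, src))  # 4 candidates > 2: nothing is deleted
```

A single-entry inclusion list turns every other user the connector created into a deletion candidate, which is the case a non-zero Deletion Threshold is there to stop.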