The process by which users migrate entitlements to Office 365 V2 connector is manual. Users must recreate the configuration of the older instance of Office 365 in the newer instance, Office 365 V2.
Note: Before upgrading Office 365 to the V2 connector, it's important to review how V2 differs in terms of Groups, provisioning, and Immutable ID. Please read the following documents for more information.
Begin by manually migrating your Office 365 V1 configurations and settings to Office 365 V2.
1. Federate and authenticate your domain in Office 365 V2. For more information, see Enabling OneLogin Provisioning (Please note that the V2 connector differs from V1 with Entitlements and ImmutableID)
Note: It's important to hide the new Office 365 app to prevent users from launching it from the portal. To hide the new app, visit Company Apps > Office 365 V2 > Info and deselect Visible in Portal option.
2. Customers using Classic Groups must migrate them to Office 365 Groups. The following Microsoft article details how to migrate older groups.
3. Refresh Entitlements on the Provisioning tab for your Office 365 V2 instance.
4. Recreate your Rules configuration and reassign settings on the Parameters tab, from Office 365 V1 to the new Office 365 V2 instance.
5. On the Provisioning tab, enable provisioning in Office 365 V2 by selecting the Enable provisioning for Office 365 V2 option. Select Create, Delete, and Update User options, ensuring that Admin approval is required for these actions.
6. Recreate Roles for the Office 365 V2 app on the Access tab. This action adds users to Office 365 V2 and places them in Pending status.
We recommend you test the V2 connector to verify it's functioning correctly. Testing is important as it minimizes risk by ensuring the connector is configured correctly, prior to activating your V2 instance.
1. On the Users tab in Office 365 V2, select a user for a test. Click on the user to verify that the correct License and Group entitlements are assigned.
If the entitlements are correct, approve the pending task to Create the user. If the user already exists, the user reverts to pending status. Approve the pending Update task and verify that the job is successful.
Once you complete these steps, verify the user's license and groups. The user should be able to sign into Office 365. The user signs into Office 365 V1, while Office 365 V2 is used for provisioning.
Repeat the steps above for multiple users to ensure they can access Office 365 V2.
Now that you have configured and tested the V2 connector, you can activate it.
1. Change the federation from Office 365 V1 to V2. On the SSO tab, toggle Enable automatic SAML configuration to defederate the Office 365 V1 connector.
Note: It will take 15 - 90 mins for the changes to propagate. To verify that the domain is defederated, visit portal.office.com and enter an email (eg. firstname.lastname@example.org). If the domain is defederated, a password prompt appears; if it's not defederated, you're redirected to your OneLogin portal.
2. Once the domain is defederated, federate Office 365 V2. On the SSO tab, toggle Enable automatic SAML configuration to federate the Office 365 V2 connector.
It will take 15 - 90 mins for the changes to propagate. To verify that the domain is federated, visit portal.office.com and enter an email (eg. email@example.com). If the domain is federated, you're redirected to your OneLogin portal.