Admin read only

  • Last update on May 26th, 2026

During onboarding, CoreView connects to the Microsoft tenant by using service accounts. These accounts are required to establish connectivity and to allow imports to run both during and after onboarding.

The “Admin read-only” page displays the service accounts used for this connection and allows Tenant Admins to manage them after onboarding. From this page, Tenant Admins can:

  • View the service accounts
  • Switch between automatic and manual service account modes
  • Recreate automatic service accounts
  • Update credentials for manual service accounts
  • Run a pre-import check to validate the configuration

Available service account modes

Automatic service accounts

In automatic mode, CoreView creates the required service accounts directly in the Microsoft tenant.

When this option is selected:

  1. CoreView creates the two required users in the tenant
  2. CoreView applies the service-account configuration defined for the onboarding process
  3. Before imports resume, CoreView runs a pre-import check to validate the account credentials and tenant connectivity

Manual service accounts

In manual mode, the organization creates the required service accounts directly in Microsoft Entra before configuring them in CoreView, and must assign the permissions required for connectivity. For manual account creation steps, see How to create a service account in the Microsoft admin center.

The following credentials must then be entered in CoreView:

  • Username
  • Password

CoreView uses these credentials to authenticate to Microsoft and start the import process.

Tip

Use this mode when the organization manages service accounts internally and applies its own credential governance processes, such as password rotation.

 

Switch between service account modes

You can switch between automatic and manual mode at any time after onboarding. To begin, select “Manual” or “Automatic” by using the toggle in the Service Accounts section of the Admin read-only page under Organization Settings.

When switching from manual to automatic mode, or when recreating service accounts in automatic mode, CoreView deletes the previous service accounts from the Microsoft tenant.

This cleanup removes unused service accounts from the environment and reduces the risk associated with retaining privileged accounts that are no longer in use.

Please do not select existing users and repurpose them as service accounts.

 

Recreate automatic service accounts

If automatic mode is enabled, the service accounts can be recreated at any time.

When this action is performed:

  1. CoreView creates two new users in the Microsoft tenant
  2. CoreView reapplies the service-account configuration defined for onboarding
  3. A pre-import check runs automatically
  4. If the check succeeds, connectivity is confirmed
  5. Future imports can run normally
  6. The old service accounts are deleted

The pre-import check uses the same validation logic used during onboarding. It confirms that the connection between CoreView and Microsoft is working before imports proceed.

Step 1: enable Management session

Make sure “Management” is set to “ON”. If it is off, activate a management session by using the Management toggle at the top of the page, then selecting “Turn on management session”. Wait until activation is complete.

Step 2: recreate admins

Click “Create all admin accounts” and proceed with the recreation. Wait for the Admin read-only accounts to be created. You can monitor task progress by selecting the notification bell icon next to the Management toggle.

Enable the Password never expires option for service accounts to prevent import interruptions. This can be done directly in CoreView through the Password never expires management action overview.
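
A check that can be run against the tenant after recreating the accounts or switching modes, as an added example that is not CoreView tooling: it uses the Microsoft Graph PowerShell SDK to confirm that the current service accounts exist, are enabled and have password expiration disabled, and that the previous accounts are no longer present. The UPNs are placeholders (assumptions); substitute the accounts displayed on the Admin read-only page and the ones in use before the change.

```powershell
# Added example: audit service accounts in Microsoft Entra after a recreate or mode switch.
# Requires the Microsoft.Graph.Users module and permission to read users.
# Placeholder UPNs (assumptions): replace with the real current and previous accounts.
$CurrentAccounts = @('svc-current-1@contoso.example', 'svc-current-2@contoso.example')
$RetiredAccounts = @('svc-old-1@contoso.example', 'svc-old-2@contoso.example')

Connect-MgGraph -Scopes 'User.Read.All'
$props = 'id', 'userPrincipalName', 'accountEnabled', 'passwordPolicies', 'lastPasswordChangeDateTime'

function Find-Account([string]$Upn) {
    # A filter returns nothing when the user is absent and still throws on real errors
    # (for example missing permissions), so "not found" is never confused with "cannot read".
    $escaped = $Upn.Replace("'", "''")
    Get-MgUser -Filter "userPrincipalName eq '$escaped'" -Property $props
}

$report = foreach ($upn in $CurrentAccounts) {
    $u = Find-Account $upn
    if (-not $u) {
        [pscustomobject]@{ Account = $upn; Role = 'current'; Finding = 'MISSING: not found in tenant' }
        continue
    }
    # passwordPolicies is a comma-separated string, e.g. "DisablePasswordExpiration"
    $neverExpires = ($u.PasswordPolicies -split ',\s*') -contains 'DisablePasswordExpiration'
    $ageDays = if ($u.LastPasswordChangeDateTime) {
        (New-TimeSpan -Start $u.LastPasswordChangeDateTime -End (Get-Date)).Days  # approximate
    } else { 'unknown' }

    $finding = if (-not $u.AccountEnabled) { 'DISABLED: sign-in is blocked' }
               elseif (-not $neverExpires) { 'Password expiration is enabled; imports stop when it expires' }
               else { 'OK' }
    [pscustomobject]@{ Account = $upn; Role = 'current'; Finding = "$finding (password age: $ageDays days)" }
}

$report += foreach ($upn in $RetiredAccounts) {
    $finding = if (Find-Account $upn) { 'STALE: previous service account still present' }
               else { 'OK: removed' }
    [pscustomobject]@{ Account = $upn; Role = 'retired'; Finding = $finding }
}

$report | Format-Table -AutoSize -Wrap
```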

 

Update manual service account credentials

If manual mode is enabled, service account credentials can be updated directly from the “Admin read-only” page. This procedure supports periodic password rotation for manually managed service accounts.

  1. Update the password for the service account in the Microsoft 365 admin center
  2. Enter the new credentials in CoreView
  3. Save the changes
  4. Allow CoreView to validate the credentials
  5. Allow the pre-import check to confirm connectivity

Step 1: update password in Microsoft 365 admin center

  • Navigate to the Microsoft 365 admin center.
  • In the “Active users” report, locate the required CoreView service account and click the “Reset password” icon.

Enter a new password, then click “Reset password” at the bottom of the modal to confirm.

Step 2: validate password in CoreView

On the “Admin read-only” page in manual mode, click the “Edit” button.

Enter the new password and click “Validate”.

If the password matches the one updated in the Microsoft 365 admin center, a success message appears at the top of the page. Click “Save”.

Pre-import check

Every time a relevant change is made to the service account configuration, CoreView runs a pre-import check.

This check verifies that:

  • The credentials are valid
  • The connection to Microsoft can be established
  • The configuration is ready for future imports

The pre-import check result identifies:

  • What failed
  • Why it failed
  • What must be corrected

Examples of issues that may be reported include:

  • Credentials that do not match the accounts configured in Microsoft Entra
  • Failed connectivity validation
  • Configuration problems preventing a successful pre-import check

If the check fails, the page displays the validation result and the condition that must be corrected before imports resume.