docsMicrosoft365 ConnectorsShare Client Login Link

Generate Client Login Consent Share Link

To enable our app registration to securely scan and analyze your client Microsoft 365 security and compliance data, we require admin consent from a Microsoft 365 Global Administrator.

⚠️ This method is ideal if you’re a Managed Service Provider (MSP) and your client does not want to share an admin account with you. Instead of logging in on your behalf, your client can approve permissions directly using a secure link.

Step-by-Step Instructions

What Permissions Are Requested?

  • Read-only access to Microsoft 365 security and compliance data.
  • No write access or admin control is requested.
  • This is only to enable secure analysis and scanning of your client environment.

Why Use This Option?

  • No need to share user credentials or create delegated admin accounts.
  • Quick, secure, and fully auditable.
  • Keeps your organization in control while enabling us to deliver insights and support.

1. Open the Admin Consent Setup

Toggle the Read-Only Login (M365) switch next to your client or prospect in the Optimize365 Portal to begin authentication with their Microsoft 365 credentials. Step 1 Screenshot-1

On the “Connect to Microsoft 365” screen, click More options.

Step 1 Screenshot-2

2. Generate the Client Consent Link

Click on Generate Client Consent Link. This allows you to share a secure link with your client, so they can login with their own user to assign the required permissions without giving you direct account access.

Step 2 Screenshot

3. Share the Link With Your Client

A unique secure link will appear. Please send this link to your client, along with the following Client Instructions

Step 3 Screenshot-1

🔗 Client Instructions:

  1. Click the link you received.
  2. Sign in with a Microsoft 365 Global Administrator account to assign our App Registration “Read Only” Permissions.
  3. Review and approve the requested read-only permissions for our application.
  4. Notify you (the MSP) once the process is completed.

Once the Client has succeeded, he should see the following page:

Step 3 Screenshot-2

4. Verify Client Consent

Once your client has confirmed they’ve approved the permissions, click Verify Client Consent to finalize the connection.

Step 4 Screenshot

5. (Optional) Grant Global Reader permissions

If you need to scan beyond the Basic Security Baseline—for example, to access more scans or global insights—you may require Global Reader permissions.

Note: This level of access is not required for the Basic security for prospecting scan.

You can enable Global Reader access using one of the following options:

Option 1: Share Device Login Link

  1. Click on Start Device Login to generate the shared login link. Step 5 Screenshot-1

  2. Share the Device Login link and authentication code with the client.

  3. Ask the client to complete the login process.

  4. Once the login is complete, click “Verify Connection” to proceed.

Step 5 Screenshot-2

Note:
If you prefer to assign permissions manually, you can use the “More options” link on the page.
This method is equivalent to Option 2: Manual Global Reader Role Assignment described below.

Option 2: Manual Global Reader Role Assignment

Alternatively, you can manually assign Global Reader access by following the steps in the
Assign Global Reader Manually guide.

If you have any questions, feel free to contact us directly - [email protected] Thank you for your trust and partnership.

OverviewManually Assign a Global Reader