Heimdal Assistance and Support Help Center home page

Articles in this section

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.

MSP Onboarding

Last updated

The MSP Onboarding feature enables Resellers to seamlessly integrate their Microsoft Entra (formerly Azure AD) tenant with HEIMDAL. This integration allows for the automatic creation of Corporate customers directly from your CSP sub-tenants, streamlining setup and ongoing management. The MSP Onboarding experience is divided into two primary interfaces:

  • Onboarding Wizard: A guided, 12-step modal designed to simplify the initial setup process. It assists with enabling the Reseller Master Group Policy (GP), configuring the Azure connection, and performing the initial customer synchronization.

    • Availability: Automatically triggers upon the first login; can be relaunched at any time via the MSP Onboarding tab.

  • MSP Onboarding Tab: A persistent management hub within the HEIMDAL Dashboard. This interface allows you to maintain Azure credentials, browse available sub-tenants, and provision new Corporate customers directly from the HEIMDAL UI.

This feature is available to Reseller and Distributor tenants with the Monthly Billing licensing option enabled who have the Manage Customer Settings permission claim enabled.

1. Onboarding wizard
2. MSP Onboarding tab

Onboarding wizard

The wizard takes you through 12 steps to onboard and configure everything you need to get HEIMDAL going. The Onboarding wizard starts on first login, after account creation, or after feature release for existing resellers, and gets completed only when the Done button is pressed on Step 12. The dismissed wizard does not restart on the next login, but can be relaunched via the Launch Onboarding Wizard on the MSP Onboarding tab.

  • Step 1 — Home page
    The Wizard prompt is shown; the user presses Start. If the View Endpoint Settings area claim is disabled, the wizard skips Steps 2–8 directly to Step 9 from Step 1.
    image.png
  • Step 2 — Endpoint Settings -> Windows GP
    You can enable the Reseller Master GPs Distribution tickbox. If already enabled, press Next to proceed to Step 3. If the "Edit Endpoint Settings area" claim is disabled, pressing Next skips directly to Step 9. If you want to go back to the previous step, press the Back button. image.png
  • Step 3 — Create New Policy
    The Wizard guides you to create a new group policy by pressing the Create New Policy button. If you want to bypass the group policy creation, just press the Skip button, which jumps to Step 9. If you want to go back to the previous step, press the Back button. 
    image.png
  • Step 4 — New Windows Group Policy page
    Under this step, you can enter a Policy Name and press Next to go to the next step. If you want to go back to the previous step, press the Back button. 
    image.png
  • Step 5 — New Windows Group Policy page
    Press the Create GP button to create the group policy and go to the next step. If you want to go back to the previous step, press the Back button. 
    image.png
  • Step 6 — GP creation confirmation
    Press Next to proceed with the group policy enabling. If you want to go back to the previous step, press the Back button. 
    image.png
  • Step 7 — GP list
    The wizard highlights the newly created group policy and allows you to turn ON the group policy. Press Next to go to the next step without enabling the group policy. If you want to go back to the previous step, press the Back button. 
    image.png
  • Step 8 — GP enabled confirmation
    The next step is to configure the Azure (Entra) Tenant ID.
    image.png
  • Step 9 — Guide -> Customer Settings -> Login Setup -> Azure Login
    Enter you Azure (Entra) Tenant ID and press Update to save it. After saving it, you can press Next to go to the next step. image.png
    If the Tenant ID field is empty when Next is pressed, a confirmation modal is shown: The next steps require a Tenant ID to function correctly. If you do not wish to set it up now, click Finish to complete the onboarding. Pressing Finish dismisses/completes the wizard without saving a Tenant ID.
    image.png
  • Step 10 — MSP Onboarding Tab
    The new MSP Onboarding tab is highlighted by the wizard. You must click on it to go to the next step.
    image.png
  • Step 11 — MSP Onboarding Tab (Credentials)
    Enter Client ID and Secret Value to enable the "See customer list" button. After you do that, press the Next button to go to the next step. 
    image.png
  • Step 12 — Customer List Modal
    Press Done to complete the flow, which enables the See customer list button. Pressing it will open a modal with the HEIMDAL Customers and the Azure Customers grids. 
    image.png

MSP Onboarding tab

The MSP Onboarding tab shows up in the Guide section. Here, you have the Client ID and Secret Value, which are not persistent. They must be re-entered every time the tab is opened. Through the MSP Onboarding tab, the user can see the customer list. The Customer list is composed of:image.png

  • Heimdal Customers
    This is a list of Corp customers currently under the Reseller and includes the following details: Name, Customer Type, Created Date, SPLA, Active Licenses, Total Licenses, Churn Score. The search field allows you to search by Name, Customer Type, Created Date, Active Licenses, Total Licenses, and Churn Score.
    image.png
  • Azure Customers
    This is the list of sub-tenants / contracts retrieved via the Microsoft Graph API for the Reseller's Entra tenant and includes the following details: Name, Tenant ID, Action. The search field allows you to search by Name only. Pre-sorted alphabetically. No manual sort. The Create customer button is disabled if the customer already exists in HEIMDAL or the Azure Tenant ID is already populated.image.png

IMPORTANT

If the View Endpoint Settings area claim is disabled, the wizard skips Steps 2-8 and jumps to Step 9, right from Step 1. If the Edit Endpoint Settings area claim is disabled, the Next button on Step 2 jumps directly to Step 9. 
The MSP Onboarding tab is visible only after an Azure Tenant ID is saved in Guide -> Customer Settings -> Login Setup -> Azure Login. The Launch Onboarding Wizard redirects to the Home page and restarts the wizard. The Client ID and Secret Value are not saved and must be re-entered each session. The See customer list is greyed out until both credentials are entered. If the View customers claim is disabled, the two grids under See customer list are not visible.

Create Customer

  • Name — pre-filled from Azure data, editable. Cannot contain /\, or +.
  • Total Licenses — required, min 1. Highlighted red when empty.
  • Email — required. Highlighted red when empty.
  • Details — optional.
  • Monthly Billing — enabled by default, can be disabled.
  • Licensing options not available on the parent Reseller are greyed out.
  • Email Security 365 and ATP are mutually exclusive — selecting one deselects the other.
  • TAC and TAC UI & M365 User Security require MXDR enabled first. When MXDR is enabled, TAC is auto-enabled and locked.
  • Opt in Reseller Master GP — distributes the Reseller Master GP to the new customer. Requires "Reseller Master GP Distribution" enabled on the Reseller in Endpoint Settings → Windows GP.
  • On creation: a licensing key is automatically generated with a 1-year expiration.

IMPORTANT

Create customer claim disabled → Create customer button is not available

Permission Claims

Claim disabled Impact
View Endpoint Settings area Wizard skips Steps 2–8, jumps to Step 9
Edit Endpoint Settings area Next on Step 2 jumps to Step 9
Manage Customer Settings MSP Onboarding Tab not visible
View customers Customer List grids not visible
Create customer Create customer button disabled

image.png

Haven't Tried Heimdal Yet?

Start Free Trial 30-day Free Trial. Offer valid only for companies.