Connecting to G.A. Suite with ADFS enabled
G.A. Suite cannot establish a connection to Project Online tenants with ADFS (Active Directory Federation Service) enabled.
If you try to add PWA from Project Online tenant where ADFS is enabled to G.A. Suite, you may receive the following error:
For such cases, we suggest using a Token and (if the Token did not solve the issue) creating a service (dedicated) account, which will be used specifically for G.A. Suite.
It is possible to Generate Token that will be used instead of your password to log in to the PWA while performing G.A. Suite operations. A token can be generated either while adding a new PWA and account to G.A. Suite or while editing the existing account.
The steps are the following:
1. In the Add Credentials window select Generate Token option.
2. Download the .exe file or .ps1 file to generate the token (using one of these files). Follow the steps in the downloaded file to generate a token, copy it, and paste to the G.A. Suite, Add Credentials window.
4. Click Validate and Save button. The token will be used to connect to your PWA while performing G.A. Suite operations.
If you still receive the same error, then it is required to create a service (dedicated) account, which will be used specifically for G.A. Suite with regular Office 365 authentication to log in and connect to the PWA.
We recommend creating onmicrosoft.com account without ADFS enabled that will be used to connect to the PWA in G. A. Suite.
This account should meet the following criteria:
1. ADFS should not be used for the newly created onmicrosoft.com account.
2. The account should have the required permissions in your Project Online instance:
- it should be assigned to the PWA Administrators security group
- it should be a member of the Site Collection Administrators group in the PWA.
To create such an account perform the following:
Please note: You should have O365 Administrators permissions to be able to create such an account.
1. Navigate to Admin Center.
2. On the Home page under the “Users” section click “Add a user”.
3. Specify all the required details: First Name, Last Name, Display Name, Username.
Under “Domain”, select the “onmicrosoft.com”.
Please make sure to turn on the license that provides access to Project Online.
4. Allow a couple of minutes for the account to be created.
Then navigate to the PWA and add the user to the PWA. To do this, go to Server Settings -> Manage Users -> Add the newly created user account.
5. Grant the created account with the following permissions:
- Site Collection Administrator permissions.
- Should be assigned to the default Administrators security group or a similar group with the same permission level on the PWA.
6. Once the account is provided with all the required permissions, change the account in G.A. Suite in the “PWA Settings” sections. Please find details in this article.