PowerPlay - Quick Start Checklist

Updated by Niamh Ferns

This checklist supports our Tokity PowerPlay Deployment Quickstart Guide.

# PowerPlay Quick Start Checklist

---

## Variables Table
| Variable | Value |
|---|---|
| **DeskDirector URL** | |
| **Master Admin Agent ID** | |
| **CustOrg Account Name** | |
| **DeskDirector API Key** | |
| **Master Admin Access Token** | |
| **ServOrg Environment URL** | |
| **ServOrg Tenant ID** | |
| **ServOrg Application ID** | |
| **ServOrg Client Secret** | |
| **ServOrg Secret Expiration Date** | |
| **CustOrg Environment URL** | |
| **CustOrg Tenant ID** | |
| **CustOrg Application ID** | |
| **CustOrg Client Secret** | |
| **CustOrg Secret Expiration Date** | |
| **CustOrg Account ID** | |
| **CustOrg Access Token** | |
| **ServOrg Account ID** | |
| **ServOrg Access Token** | |

----

## PowerPlay PSA Onboarding | Pre-deployment

### DeskDirector Instance
- [ ] Add DeskDirector URL to the Variables table
- [ ] Add Agent ID of a Master Admin to the Variables table
- [ ] Identify and add your CustOrg Account Name to the Variables table
- [ ] Add DeskDirector API Key to the Variables table
- [ ] As a Master Admin, generate an Access Token from the admin console and add to the Variables table

### Onboarding Administrator
- [ ] Assign the Cloud Platform Administrator role
- [ ] Assign the Power Platform Administrator role
- [ ] Assign a Power Automate Premium license
- [ ] Assign a Power Apps Premium license
- [ ] Assign a Microsoft Teams license
- [ ] Assign an Exchange Online Plan license

### PowerShell Modules and Microsoft Graph Permissions
**Commands:**
```
Get-Command "pac"
Get-Module -ListAvailable -Name Microsoft.Graph
Disconnect-MgGraph
Connect-MgGraph -Scopes "Application.ReadWrite.All", "Directory.ReadWrite.All"
```

**Tasks:**
- [ ] Install Power Platform CLI Module and confirm using `Get-Command "pac"`
- [ ] Install Microsoft Graph PowerShell SDK and confirm using `Get-Module -ListAvailable -Name Microsoft.Graph`
- [ ] Disconnect active Microsoft Graph sessions
- [ ] Authenticate with Microsoft Graph
- [ ] Grant requested permissions to Microsoft Graph Command Line Tools as required

### HTTP with Microsoft Entra ID
**Commands:**
```
$PSVersionTable
winget install --id Microsoft.PowerShell --source winget
```

**Tasks:**
- [ ] Install PowerShell 7 using `winget install --id Microsoft.PowerShell --source winget`
- [ ] Download the ManagePermissionGrant.ps1 script linked in documentation
- [ ] Grant Directory.Read.All permissions to your Onboarding Administrator account using ManagePermissionGrant.ps1
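
The pre-deployment tool and permission checks above can be confirmed in one pass. This is an added example, not code from the Tokity or DeskDirector scripts; the function name `Test-PowerPlayPrerequisite` is hypothetical, and the scope names are the ones this checklist passes to `Connect-MgGraph`.

```powershell
# Added example (not vendor code). Scope names are the ones this checklist
# passes to Connect-MgGraph; the function name is hypothetical.
function Test-PowerPlayPrerequisite {
    [CmdletBinding()]
    param(
        [string[]]$RequiredScopes = @('Application.ReadWrite.All', 'Directory.ReadWrite.All')
    )

    $checks = [ordered]@{}

    # The checklist installs PowerShell 7 via winget.
    $checks['PowerShell 7 or later'] = $PSVersionTable.PSVersion.Major -ge 7

    # Same probes the checklist uses to confirm the installs.
    $checks['pac on PATH'] = [bool](Get-Command 'pac' -ErrorAction SilentlyContinue)
    $checks['Microsoft.Graph module'] = [bool](Get-Module -ListAvailable -Name Microsoft.Graph)

    # Get-MgContext returns $null when there is no active Graph session.
    $ctx = $null
    if (Get-Command 'Get-MgContext' -ErrorAction SilentlyContinue) {
        $ctx = Get-MgContext
    }
    $checks['Graph session active'] = $null -ne $ctx

    # A requested scope only counts once consent has been granted, so compare
    # against the scopes on the live session rather than the request.
    foreach ($scope in $RequiredScopes) {
        $checks["Scope granted: $scope"] = ($null -ne $ctx) -and ($ctx.Scopes -contains $scope)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Check   = $name
            Passed  = $checks[$name]
            Account = if ($ctx) { $ctx.Account } else { $null }
            Tenant  = if ($ctx) { $ctx.TenantId } else { $null }
        }
    }
}

$report = @(Test-PowerPlayPrerequisite)
$report | Format-Table -AutoSize
if ($report.Passed -contains $false) {
    Write-Warning 'One or more pre-deployment checks failed; resolve them before running the provisioning scripts.'
}
```

The Account and Tenant columns show which identity and tenant the Graph session is bound to, which is worth confirming against the Onboarding Administrator account before any provisioning script runs.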


## PowerPlay PSA Onboarding | Deployment

### Submit Provision a Tokity Power Play Environment
1. [ ] Log into support.deskdirector.com, and then complete the Submit Provision a Tokity Power Play Environment form:
- Variable: DeskDirector URL
- Variable: DeskDirector Access Token
- Variable: CustOrg Account Name
2. [ ] Download scripts from SharePoint linked on the ticket to `C:\PowerPlay`

### ServOrg Environment Setup
**Commands:**
```
cd C:\PowerPlay
Unblock-File -Path '.\<Your Base Name> Tokity ServOrg Power Play Environment Provisioning Script.ps1'
& '.\<Your Base Name> Tokity ServOrg Power Play Environment Provisioning Script.ps1' -IsTest $false -EnvironmentType "Production"
```

**Tasks:**
1. [ ] Run the PowerShell ServOrg Provisioning Script:
a. Launch PowerShell as Administrator
b. Run Unblock-File on the ServOrg Script
c. Either edit the script and validate the `$isTest` boolean is `$false` or use the following flags when you run the script: `-IsTest $false -EnvironmentType "Production"`

2. [ ] Follow prompts to finish ServOrg deployment
3. [ ] Update variables table with:
- ServOrg Environment URL
- ServOrg Tenant ID
- ServOrg Application ID
- ServOrg Client Secret
- ServOrg Secret Expiration Date

4. [ ] Validate your ServOrg deployment

### CustOrg Environment Setup
**Commands:**
```
cd C:\PowerPlay
Unblock-File -Path '.\<Your Base Name> Tokity CustOrg Power Play Environment Provisioning Script.ps1'
& '.\<Your Base Name> Tokity CustOrg Power Play Environment Provisioning Script.ps1' -IsTest $false -EnvironmentType "Production"
```
**Tasks:**
1. [ ] Run the PowerShell CustOrg Provisioning Script:
a. Launch PowerShell as Administrator
b. Run Unblock-File on the CustOrg Script
c. Either edit the script and validate the `$isTest` boolean is `$false` or use the following flags when you run the script: `-IsTest $false -EnvironmentType "Production"`

2. [ ] Follow prompts to finish CustOrg deployment
3. [ ] Update variables table with:
- CustOrg Environment URL
- CustOrg Tenant ID
- CustOrg Application ID
- CustOrg Client Secret
- CustOrg Secret Expiration Date

4. [ ] Validate your CustOrg deployment
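
Both the ServOrg and CustOrg steps run `Unblock-File` on a downloaded script and then execute it as Administrator. The following added example (not part of the vendor's scripts) records each script's hash, download origin and signature state before that happens; the function name `Get-DownloadedScriptReport` is hypothetical, and whether the provisioning scripts are Authenticode-signed is not stated in this checklist.

```powershell
# Added example (not vendor code). C:\PowerPlay is the download folder named in
# this checklist; the function name is hypothetical.
function Get-DownloadedScriptReport {
    [CmdletBinding()]
    param([string]$Folder = 'C:\PowerPlay')

    foreach ($file in (Get-ChildItem -LiteralPath $Folder -Filter '*.ps1' -File)) {
        # Mark-of-the-Web lives in the Zone.Identifier alternate data stream
        # (NTFS only). Unblock-File deletes it, so read it first.
        $motw = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        $zone = @{}
        foreach ($line in $motw) {
            if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
                $zone[$Matches[1]] = $Matches[2]
            }
        }

        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

        [pscustomobject]@{
            Name            = $file.Name
            SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Blocked         = $null -ne $motw
            ZoneId          = $zone['ZoneId']     # 3 = Internet zone
            HostUrl         = $zone['HostUrl']    # where the browser fetched it from
            SignatureStatus = $sig.Status         # e.g. Valid, NotSigned, HashMismatch
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

$report = @(Get-DownloadedScriptReport)
$report | Format-List

# Keep a copy alongside the deployment ticket or change record.
$report | Export-Csv -Path (Join-Path $env:TEMP 'PowerPlay-script-report.csv') -NoTypeInformation
```

Run it before `Unblock-File`: once a file is unblocked, the `HostUrl` that ties it to the SharePoint link on the ticket is no longer recoverable from the file itself.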

### Register CustOrg with Command Broker
1. [ ] Log into DeskDirector Admin Portal as Master Admin
2. [ ] Deploy the IECB Library Solution from the Solution Library
3. [ ] Update Custom Portal Menu for Onboarding Administrator contact
4. [ ] Impersonate Onboarding Administrator
5. [ ] Register with the Command Broker
6. [ ] Update Variables table with:
- CustOrg Account ID
- CustOrg Access Token
- ServOrg Account ID
- ServOrg Access Token

### Secure Form Submission
1. [ ] Log into support.deskdirector.com
2. [ ] Load your open "I want to provision..." support ticket
3. [ ] Select the Supplementary Form for Confirm Submission...
4. [ ] Open Secure Form:
- Variable: DeskDirector URL
- Variable: Select Initial Tokity Provisioning

5. [ ] ServOrg Environment Details
- Variable: ServOrg Environment URL
- Variable: ServOrg Tenant ID
- Variable: ServOrg Application ID
- Variable: ServOrg Client Secret
- Variable: ServOrg Secret Expiration Date

6. [ ] CustOrg Environment Details
- Variable: CustOrg Environment Name
- Variable: CustOrg Environment URL
- Variable: CustOrg Tenant ID
- Variable: CustOrg Application ID
- Variable: CustOrg Client Secret
- Variable: CustOrg Secret Expiration Date


## PowerPlay PSA Onboarding | Post-deployment - Connections

1. [ ] Log into Power Apps https://make.powerapps.com
2. [ ] ServOrg Connectors:
- DeskDirector
- DeskDirector Custom Connector: `DdApi APIKEY...`
- Microsoft Dataverse
- Teams
- Outlook

3. [ ] ServOrg Connection References:
- DD Custom Connector
- IECB Microsoft Dataverse
- IECB ServOrg - DeskDirector
- SO - Dataverse
- SO - DeskDirector
- SO - DeskDirector Custom Connector
- SO - MS Teams

4. [ ] CustOrg Connectors:
- Power Automate Management
- HTTP with Microsoft Entra ID: https://graph.microsoft.com
- Microsoft Dataverse

5. [ ] CustOrg Connection References:
- IECB HTTP with Microsoft Entra ID
- IECB Microsoft Dataverse
- IECB Power Automate Management


## PowerPlay PSA Onboarding | Post-deployment - Environment Variables

1. [ ] ServOrg:
- Custom Connector - Domain : DeskDirector URL
- IECB ServOrg DD Host URL : DeskDirector URL
- SO - Domain : DeskDirector URL
- IECB ServOrg Admin Id : Agent ID of a Master Admin
- SO - Member ID : Agent ID of a Master Admin
- IECB ServOrg Id : ID for the ServOrg IECB App
- SO - App URL : Link to the Service Orchestrator App

2. [ ] CustOrg:
- IECB Client ID
- IECB Client Secret
- IECB CustOrg Environment ID
- IECB CustOrg Id
- IECB ServOrgAccessToken
- IECB Tenant ID


## PowerPlay PSA Onboarding | Post-deployment - Flows

1. [ ] ServOrg: Service Orchestrator Library
a. [ ] Enable all (Child) flows
b. [ ] Enable remaining flows

2. [ ] ServOrg: IECB ServOrg Library
a. [ ] Enable [Manual] Get CustOrg Token
b. [ ] Enable remaining flows
c. [ ] RUN: [Scheduled] Get CustOrg Access Token

3. [ ] CustOrg: IECB CustOrg Library
a. Enable [Scheduled] Enumerate Command Offers
b. Enable Check Command Runners Info
c. Enable Retire Command Runners
d. Enable Supply Command Runners v3
e. Enable all remaining flows in the CustOrg


## PowerPlay PSA Onboarding | Sync Entra Group Solution

### ServOrg
1. [ ] Solution Library Solution Deployed
2. [ ] Connection References
- IECB SyncUserGroup - DeskDirector
- IECB - SyncUserGroup - Office 365 Outlook

3. [ ] Environment Variables
- IECB SyncUserGroup - Approval Required
- IECB SyncUserGroup - Board ID
- IECB SyncUserGroup - Closed Status ID
- IECB SyncUserGroup - Email Recipients
- IECB SyncUserGroup - Event ID
- IECB SyncUserGroup - In Progress Status ID

4. [ ] Enabling Cloud Flows
a. *Tier 1:*
- [DynamicContent] Requestor Account and Sync Modes
- [HttpReq] Entra users mails, UPN clean up
- [HttpReq] Extract Entra Groups with Members or Owners
- [Httpreq] Removal - Non-Entra member in Account (child)
- [Httpreq] Removal - Non-Entra member in Contact Group (child)
- [Httpreq] Removal - Non-Entra member in Service Group (child)
- [HttpReq] Sync Checking - Send Email Update (child)
- [HttpReq] SyncUsers - Add Contacts to Contact Group (Child)
- [HttpReq] SyncUsers - Create or Activate DD Contacts (Child)
- [HttpReq] SyncUsers - Get DD Contacts (Child)
- [HttpReq] SyncUsers - Link Service Group to Contacts (Child)
- [Manual] Update Sync Mode Dynamic List
- [Schedulde] Update IECB CustOrgs Dynamic List
- [Scheduled] Update CustOrg's Entra Groups Table

b. *Tier 2:*
- [HttpReq] Sync Checking
- [HttpReq] Sync Mode 1 - Sync contacts
- [HttpReq] Sync Mode 2, 5 - Contact group for Entra Members
- [HttpReq] Sync Mode 3 - Service Groups
- [HttpReq] Sync Mode 4 - Entra Groups as Accounts
- [HttpReq] Sync Mode 5 - Contact group for Entra Owners

c. *Tier 3:*
- [HttpReq] Process Sync Request for a CustOrg

d. *Tier 4:*
- [DDEvent] Process Sync Users Request
- [Scheduled] SyncUsers - Process Requests

### CustOrg
1. [ ] Connection References
- IECB CustOrg App SyncUserGroup HTTP With Microsoft Entra ID

2. [ ] Cloud Flows
a. [DDCommand] Get Entra Groups - sync
b. [DDCommand] Get Groups and Members for Sync
c. [DDCommand] Update Entra ID Groups Table
d. Reset Entra ID Groups List table

3. [ ] Enumerate Command Offers
- IECB CustOrg Library
- Cloud Flows
- [Scheduled] Enumerate Command Offers > Run
- Tables > IECBCommandOffer
* `get entra groups - sync`
* `get groups and members for sync`
* `update entra id groups table`

4. [ ] ServOrg: Run [Manual] Update Sync Mode Dynamic List
5. [ ] ServOrg: Run [Schedulde] Update IECB CustOrgs Dynamic List
6. [ ] Sync Configuration Form Submission
a. Grant access to the Sync User Group form to your Onboarding Administrator in your DeskDirector instance
b. Impersonate Onboarding Administrator
c. Submit the `Sync User Group` form

7. [ ] ServOrg: Run [Scheduled] Update CustOrg's Entra Groups Table
- Confirm IECB-CustOrg-App-Sync User Group > Entra ID Groups List table populated

8. [ ] Launch the Entra Groups Sync Manager
a. Share the Entra Groups Sync Manager App with Onboarding Administrator
b. Launch the Entra Groups Sync Manager PowerApp
c. Enable Group(s)

9. [ ] Submit the Sync User Group form
