AvePoint Knowledge Center
Request article
Contact support
Request article
Contact support
English

Home > Connect Your Tenants to AvePoint Online Services > Overview

Export to PDF

Connect Your Tenants to AvePoint Online Services

To use AvePoint services to manage a tenant in the Microsoft/Google/Salesforce/Amazon platform, the Tenant Owner or Service Administrators must connect the tenant to AvePoint Online Services at first.

Note the following requirements before you connect a tenant:

- Connecting a Microsoft 365 tenant will create an app in the environment of the tenant, which requires a **Microsoft 365 Global Administrator** account within the same tenant to consent to the app. For more information about the required admin consent, refer to [Why is Admin Consent Required to Use the AvePoint Apps?](#missing-link) > ***Note**: If you want to connect a tenant which will be used to , the user consenting to this app must belong to the domain of this tenant, and cannot be an external user. - To connect a Google tenant, ensure the **AvePoint** **Tenant Management** app has been installed. Note that the **AvePoint Tenant Management** app can only be accessed via the **Google Workspace Marketplace** link on the **Connect tenant** page in AvePoint Online Services > **Management** > **Tenant management**. ![Clicking the "Google Workspace Marketplace" link to access the "AvePoint Tenant Management" app.](/en/aos/connect-your-tenants-to-avepoint-online-services/images/image36.png "Clicking the "Google Workspace Marketplace" link to access the "AvePoint Tenant Management" app.") Connecting a Google tenant requires an account with the **Users** > **Read**, **Groups** > **Read**, and **License Management** > **License Read** privileges in the same tenant. - Connecting a Salesforce tenant will create an app in the tenant’s Salesforce environment, which requires a Salesforce account with the **System Administrator** profile in the same tenant or another profile which includes the permissions for the System Administrator profile in the same tenant. > ***Note**: Salesforce has published an to restrict the use of uninstalled connected apps from early September 2025. This will not affect your organization if there are no apps to be created/reconnected. However, for organizations who need to create a new tenant app or reconnect a tenant app, you must either install the tenant app in your Salesforce environment, or ensure that the user consenting to the tenant app has the following required permissions: - If API Access Control is enabled, only the “Use Any API Client permission” gives access to use uninstalled apps. - If API Access Control isn’t enabled, trusted users can use uninstalled apps if they have the “Approve Uninstalled Connected Apps” permission. - Connecting an Amazon tenant will create policies and an IAM role in the AWS environment of the tenant, which requires an IAM user with at least the following required permissions: - iam:CreatePolicy - iam:GetRole - iam:UpdateAssumeRolePolicy - iam:ListPolicyVersions - iam:ListAccountAliases - iam:CreateRole - iam:AttachRolePolicy - iam:UpdateRole - iam:CreatePolicyVersion - iam:DeletePolicyVersion - iam:GetAccountSummary - iam:SetDefaultPolicyVersion

For more information on the permissions required by the above tenant connections, see Permissions Required by AvePoint Tenant Registrations.

To connect a tenant, navigate to Management > Tenant management and refer to the instructions below:

  1. On the Tenant management page, click Connect tenant.

  2. The Connect tenant pane appears on the right of the page. Based on the type of tenant that you want to connect, select the Microsoft, Google, Salesforce, or Amazon platform. In the following scenarios, you also need to provide additional information:

    • Azure environment version – In the AvePoint Online Services production environment for U.S. Government Public Sector, refer to the information below to select a version when you connect a Microsoft 365 tenant:

      • Commercial Microsoft 365 – Select this version if your Microsoft login URL ends with .com.

      • Microsoft 365 U.S. Government – Select this version only if your original onmicrosoft domain ends with .us, not just your custom domain. Most GCC High and DoD organizations should use this option.

    • Salesforce environment – Select the Salesforce or Salesforce sandbox environment when you connect a Salesforce tenant.

    • Amazon – Enter Access key ID and Secret access key to specify an IAM user, which will only be used to configure an IAM role and required policies in your AWS environment. For more details on managing your access key ID and secret access key, refer to this .

  3. Click Connect.

  4. Refer to the instructions below based on your scenario:

    • When you connect a Microsoft/Google/Salesforce tenant, the sign in page appears in a new tab. Sign in with an account which meets the requirements mentioned above.

    • When you connect an Amazon tenant, AvePoint Online Services will check if your entered access key ID and secret access key are available.

  5. Once your tenant is successfully connected to AvePoint Online Services, a message prompt will be displayed.

  6. Once a Microsoft 365 tenant has been successfully connected to AvePoint Online Services, go to view details of the tenant and edit the SharePoint Online admin center URL value if it is incorrect.

On the Tenant management page, the table lists all connected tenants and displays information in the following columns: Name, Platform, and Modified time. You can take the following additional actions:

- Use the search box to search for tenants by keywords of tenant names. - To view details of a tenant, click the link in the tenant’s **Name** column. The **Tenant** **details** page appears on the right of the page. When you view details of a Microsoft 365 tenant, you can edit the **SharePoint Online admin center URL** value if it is incorrect. We recommend you reconnect to the tenants who are highlighted with the **New connection recommended** label. For additional details, refer to the **Reconnect a** **Tenant** section below. - If a tenant is no longer needed in AvePoint Online Services, you can select the tenant and click **Remove** to remove the tenant. For additional details, refer to the **Remove a** **Tenant** section below.

Reconnect a Tenant

Reconnect a tenant in the following scenarios:

- If your tenant management app has been deleted accidentally, you need to reconnect the tenant. - When we update the permissions required by a tenant registration, the tenant will be highlighted with the **New connection recommended** label, and we recommend you reconnect the tenant.

To reconnect a tenant, complete the steps below:

  1. Select the tenant.

  2. Click Reconnect.

  3. Refer to the following instructions based on your scenario:

    • When you reconnect a Microsoft/Google/Salesforce tenant, the Microsoft/Google/Salesforce sign in page appears in a new tab. Sign in with an account which meets the requirements mentioned above.

    • When you reconnect an Amazon tenant, enter an access key ID and a secret access key to specify an IAM user with the required permissions for connecting an Amazon tenant. Then, click Connect.

*Note: For organizations using Cloud Backup for Salesforce prior to the December 2024 release, upon reconnecting the Salesforce tenant, the new tenant app AvePoint Online Services Tenant Registration will be created.

Remove a Tenant

If a tenant is no longer needed in AvePoint Online Services, you can refer to the instructions below to remove the tenant:

  1. Select the tenant that you want to remove.

    *Note: Before you remove a tenant from AvePoint Online Services, you must clean up the data related to the tenant, including app profiles, scan profiles, and so on.

  2. In the Remove tenant window, click Confirm to proceed.

  3. If this tenant still has some related data in AvePoint Online Services, the Alert window appears. You can click these related data to view the data that you need to clean up.