Adding a Client to Lighthouse / GDAP (Indirect via Ingram Micro)

Overview

This process outlines how Nordic IT:

  • Establishes the Indirect Reseller relationship via Ingram Micro
  • Deploys GDAP access using Microsoft 365 Lighthouse
  • Configures auto-renewal in Partner Center

This ensures:

  • Secure, role-based access
  • No onboarding delays
  • No unexpected loss of access

๐Ÿ” Standard Access Model (READ FIRST)

Nordic IT performs all actions on behalf of the client using a dedicated Global Admin account stored in Bitwarden.

Global Admin Naming Standard:

  • nordicits@<client>.onmicrosoft.com

Core Rule:

All approvals are completed internally using Bitwarden-stored Global Admin credentials.
Do not send approval links to the client unless explicitly instructed.

What This Means for Techs:

  • ✅ Log in as the client to approve relationships
  • ✅ Do NOT wait on the client
  • ✅ Complete the entire process yourself

Prerequisites

  • Client has Microsoft 365 subscription
  • Global Admin exists in Bitwarden
  • Access to Lighthouse and Partner Center

Step 1 – Establish Indirect Reseller Relationship

Accept Indirect Reseller Relationship

Approval Process:

  1. Open InPrivate browser
  2. Retrieve Global Admin from Bitwarden
  3. Sign in as nordicits@<client>.onmicrosoft.com
  4. Accept relationship

Result: Nordic IT becomes the Indirect Reseller


Step 2 – Assign GDAP via Lighthouse

Navigate

  1. Open Microsoft 365 Lighthouse
  2. Go to Home → Delegated access
  3. Select GDAP templates

Assign Template

  1. Select Helpdesk Admins
  2. Click the three dots (⋮)
  3. Click Assign template

What Happens:

  • Select tenant
  • Relationship is created
  • Status = Pending

Step 3 – Approve GDAP Relationship (Bitwarden Process)

Get Link

  1. Go to Delegated access → Relationships
  2. Locate tenant (Pending)
  3. Copy approval link

Approve Internally

  1. Open InPrivate browser
  2. Retrieve Global Admin from Bitwarden
  3. Paste approval link
  4. Sign in as client Global Admin
  5. Click Approve

Result:

  • Relationship = Active
  • Access is live

Important:
Always use an InPrivate browser. A cached login in a normal browser session can cause the approval to land under the wrong tenant.


Step 4 – Enable Auto-Extend (REQUIRED)

Why This Matters:

  • GDAP relationships expire
  • Lighthouse does NOT auto-renew
  • Without Auto Extend:
    • Access will be lost
    • Tenant disappears from Lighthouse
    • Relationship must be rebuilt

Steps (Partner Center)

  1. Open Microsoft Partner Center
  2. Go to Customers → Client → Admin relationships
  3. Open the GDAP relationship (LHSetup: <GUID>)

Enable Auto Extend

  1. Locate: Auto Extend = Disabled
  2. Toggle to: Enabled

Result:

  • Relationship auto-renews
  • No future access interruption

Important:
Auto Extend must be enabled on every GDAP relationship. Lighthouse does not manage renewal.


Step 5 – Verify

  • Relationship = Active
  • Auto Extend = Enabled
  • Tenant visible in Lighthouse
  • Access functioning
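
One way to script the Step 5 checks across every client at once, as an added example (not part of the original procedure or Nordic IT's tooling): it assumes the relationships have been exported as JSON from Microsoft Graph's `tenantRelationships/delegatedAdminRelationships` endpoint, whose `status`, `endDateTime` and `autoExtendDuration` fields it reads. The sample tenants and the `audit` and `parse_ts` helper names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like a Microsoft Graph response from
# GET /v1.0/tenantRelationships/delegatedAdminRelationships (not real tenants).
SAMPLE = json.loads("""
{"value": [
 {"displayName": "LHSetup: <GUID>", "status": "active",
  "endDateTime": "2026-01-10T00:00:00Z", "autoExtendDuration": "P180D",
  "customer": {"displayName": "Contoso (constructed)"}},
 {"displayName": "LHSetup: <GUID>", "status": "active",
  "endDateTime": "2025-06-20T00:00:00Z", "autoExtendDuration": "PT0S",
  "customer": {"displayName": "Fabrikam (constructed)"}},
 {"displayName": "LHSetup: <GUID>", "status": "approvalPending",
  "endDateTime": "2027-05-01T00:00:00Z", "autoExtendDuration": "PT0S",
  "customer": {"displayName": "Tailspin (constructed)"}}
]}
""")

NO_EXTEND = {"PT0S", "P0D"}  # Graph values meaning Auto Extend is off

def parse_ts(value):
    # Graph timestamps are ISO 8601 UTC, sometimes with fractional seconds.
    head = value.rstrip("Z").split(".")[0]
    return datetime.strptime(head, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(relationships, now, warn_days=30):
    """Return {customer: [findings]} for relationships failing the Step 5 checks."""
    findings = {}
    for rel in relationships:
        name = rel.get("customer", {}).get("displayName", "<unknown>")
        issues = []
        status = rel.get("status", "")
        if status != "active":  # Step 3 not completed, or relationship expired
            issues.append(f"status is {status or 'missing'}, expected active")
        auto_off = rel.get("autoExtendDuration", "PT0S") in NO_EXTEND
        if auto_off:  # Step 4 not completed
            issues.append("Auto Extend disabled")
        end = rel.get("endDateTime")
        if end and auto_off and parse_ts(end) - now <= timedelta(days=warn_days):
            issues.append(f"expires {end} with no renewal")
        if issues:
            findings.setdefault(name, []).extend(issues)
    return findings

if __name__ == "__main__":
    report = audit(SAMPLE["value"], datetime(2025, 6, 1, tzinfo=timezone.utc))
    for customer, issues in report.items():
        print(customer, "->", "; ".join(issues))
```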

Fix: Legacy / Broken Scenarios

Scenario A – Advisor Only (No GDAP)

Common with older clients onboarded before Indirect Reseller existed

Cause:

  • Tenant only has Advisor relationship
  • No Indirect Reseller + no GDAP

Fix (Full Rebuild Required):

  1. Start with Step 1 (Indirect Reseller link)
  2. Complete Step 2 (Assign template)
  3. Complete Step 3 (Approve GDAP)
  4. Complete Step 4 (Enable Auto Extend)

Result:

  • Upgraded to Indirect Reseller
  • Fully managed via GDAP + Lighthouse

Scenario B – GDAP Exists but No Access

Fix: Reassign template and reapprove if needed

Scenario C – Access Lost

Cause: Auto Extend not enabled

Fix: Recreate GDAP and enable Auto Extend

Scenario D – Still Using DAP

Fix: Replace with GDAP and remove DAP


Common Gotchas

Issue                 | Cause                | Fix
GDAP stuck Pending    | Not approved         | Approve via Bitwarden
Wrong tenant approved | Cached login         | Use InPrivate
Access lost later     | Auto Extend off      | Enable in Partner Center
Tenant missing        | Relationship expired | Recreate GDAP
Advisor only          | No Indirect Reseller | Start at Step 1

Quick Checklist

  1. Accept Ingram relationship (Bitwarden GA)
  2. Assign Lighthouse template
  3. Copy approval link
  4. Open InPrivate browser
  5. Log in with Global Admin
  6. Approve relationship
  7. Enable Auto Extend
  8. Verify access

Internal Best Practices

  • ✅ Always use Bitwarden Global Admin
  • ✅ Never rely on client for approvals
  • ✅ Always enable Auto Extend
  • ✅ Always use InPrivate browser
  • ✅ Standardize Lighthouse templates
  • ✅ No DAP, GDAP only