Office 365 Integration
To connect the module to an office 365 instance, several things need to be configured.
- The targeted instance needs to have the integration app created under App Registrations.
- Hit new registration
- Give it a name, choose single-tenant, enter redirect URL
- Set up API permissions (attachments on this article tell you which permissions are needed)
- Set up the certificate (instructions included in the article below)
- Redirect URL must be https://. This is a new requirement from Microsoft since the original writing of the article
- The portal’s authentication redirection URL must be added to the app’s list of redirection URLs. This must be done through the Azure portal.
- The module properties EWSConnectionEmail, EWSConnectionDomain, EWSConnectionPassword, and EWSConnectionUrl must all be blank.
- The module property Office365ClientID must be set to the client ID of the Azure app
- The certificate must be set in-app and installed on the portal server
- The certificate must be added to the app in Azure by modifying the app’s manifest. Step 3 on this page may be helpful: https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-daemon-certificate-credential/ (Note: this link assumes you are creating a new certificate for this purpose—if you are using an existing certificate, just skip the steps for creating a certificate and focus on the parts describing the information you need to add to the app’s manifest).
- Make sure the thumbprint is loaded into the server store (LocalMachine\My). Use the MMC tool to do this (mmc->add certificate snap-in for local machine->import the certificate in the “Personal” Folder).
- Access By Navigating to Azure Active Directory, App Registrations, All Apps from dropdown, Application ID = Client ID from above, Keys are where you upload Certificate Thumbprint. Required Permissions: Microsoft Graph, Office 365 Exchange Online, and Windows Azure Active Directory (Documents attached).
- Make sure the certificate has a key set for your IIS user. To do this, open the MMC tool, add the certificate snap-in for the local machine, find the certificate in the Personal folder, right-click->All Tasks->Manage Private Keys, and add the IIS user if it doesn’t already have access
- In the Reservations module Property Office365Thumbprint, set the Office365CertificateThumbprint to the thumbprint of the certificate used.
With all of these conditions met, you then need to connect to one or more outlook items from the module. The Manage Outlook Integration tool should now display a list of items available for use. These items are shared mailboxes set up through outlook 365. (Any users who have a functioning mailbox and are not assigned any licenses will show up in this list—rooms, and resources always match these criteria, but it is possible to set up a user in this way). When you first hit the management page, it should require you to enter office 365 credentials and grant permission for the app to access your organizational, mailbox, and calendar data.
On the page you should see a list of available items, including both those you have not connected to the module and those you have. Along with the item name and email address, there is an indicator to distinguish between those connected to the Reservations Module and those not. To connect to an item, simply select the Connect option in the dropdown under the item name. If you wish to disconnect an item, thus removing it from the Reservations Module without changing it in Outlook 365, select the Disconnect option from the dropdown under a previously connected item.
Once you have some items connected, make sure you grant permission to those items to some users/roles through the Manage Reservation Items tool. Note that deleting Outlook 365 items from this tool will mark them as deactivated in your Outlook 365 instance.
Any connected items will appear in the list of items to reserve from the appropriate island for all users who have access to those items. The behavior of Outlook 365 items inside the portal should be identical to portal-only items created through the Manage Reservation Items tool from this point forward.
On-Premise Outlook Integration (EWS Integration)
In order to integrate the Reservations Module with an on-premise Exchange server, the following steps need to be taken.
- The EWSConnectionDomain property must be set to the domain of the Exchange server
- The EWSConnectionEmail property must be set to the email of the user whose credentials will be used to access the Exchange server.
- If the portal identity user has access to the Exchange server, the EWSConnectionPassword can be left blank. Otherwise, this property must hold the password for the user set in the EWSConnectionEmail property.
- You must set the EWSConnectionUrl property to the URL of the Exchange Server EWS service (typically something like https://ExchangeServer/EWS/Exchange.asmx). If you leave this property blank, the module will attempt instead to use Exchange’s AutoDiscovery service in conjunction with the email provided in the EWSConnectionEmail property, which can work but is often much slower than supplying the URL directly.
- The portal must be running on a machine on the same domain as the Exchange server
Once the configuration is complete, you can then connect some items from your AD server using the Manage Outlook Integration tool. The tool will again display a single list of all the available items, both those already connected and those not already connected. For EWS connections, the list of available items is populated by searching your Active Directory server for users which are marked as Exchange Rooms or Equipment. Again, you can select the Connect menu option to connect an item with the module, and the Disconnect option to remove an item from the module without affecting it on your Exchange server.
Once connected, you’ll need to grant permission to the item through the Manage Reservation Items tool, and then they should be usable just like any other Reservation Item.
It is not possible to have the module configured to manage items from both office 365 and an on-premise Exchange server simultaneously.