Versions Compared

Version Old Version 9 New Version 10
Changes made by

Simon Barlow

Elliot Dooleysmith

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

This guide covers how to configure ResourceXpress to use OAuth 2.0 to connect with Office 365.

Pre-requisites & Limitations

Exchange Impersonation for all resource mailboxes is mandatory for the service account(s)

Please see the Microsoft Office 365 configuration guide for instructions to configure Impersonation

ResourceXpress Settings

To configure OAuth in ResourceXpress first sign into the admin console, using the navigation menu across the top select Administration Settings then System Settings, the OAuth options can be found under the Resource Server tab.

...

These settings can also be applied to individual Resource Profiles or Location-based System Settings.

For individual profiles follow this same procedure but fill in the options found under the Connection Properties tab found in the profile settings.

For Location-based Systems follow this procedure filling in the settings by location found under the Locations tab in System Settings.

Firstly, select For Microsoft Graph API select Yes for Use Graph API

Select Yes for Use OAuth.

Note

OAuth is required when using Microsoft Graph API

The Resource Login User ID is the service account email address that has impersonation rights to all room mailboxes.

Follow the steps below in a new tab/browser window to get get the OAuth Tenant ID, Client ID and Client Secret.

Register an Azure Active Directory App

Navigate to https://portal.azure.com, from here select Azure Active Directory.

...

In the Register an application window enter a name for your application.
Select the Supported account types and click the Register button.

...

Add API Permissions

Next, select API Permissions under Manage, found on the left menu.

Click the Add a permission button from the API permission windowpermissions window.

...

By default the Microsoft Graph User.Read permission is added automatically.
ResourceXpress does not require this permission, so this can be removed.

From the Select an API window choose the APIs my organization uses Microsoft Graph tab.From the available list or using the search choose Office 365 Exchange Online from the Search List.

...

Select Application permissions and choose the full_access_as_app Calendars.ReadWrite option and click Add permissions.

...

Next, click Grant admin consent and then Accept from the confirmation dialog dialogue box.

...

Make sure that admin consent has been granted to the full_access_as_app Calendars.ReadWrite permission, this may require the page to be refreshed.

...

Generate the Client Secret

Select Certificates & secrets from the left menu found under Manage.

...

Click the Copy to clipboard option for this client secret, return the ResourceXpress Admin Console tab and paste this value into the OAuth Client Secret field.

Getting the Client & Tenant ID’s

Return to the Azure Portal, select Overview from the left menu.

...