This is the revised configuration guide for Evoko Home with Office 365 using Modern Authentication/OAuth. The previous oAuth guide was using the legacy oAuth implementation.
To use oAuth with EWS for Office 365, you have to register a custom application in the Azure Active Directory for the Office 365 tenant and gather some information. Please follow the guide below.
Make sure you run latest version of Evoko Home:
https://download-liso.evoko.se/
Article contents
- Preparations
- Configure the Azure app and collect information
- Register App for use with oAuth in EWS
- Login using OAuth in the Evoko Home v2.2 configuration Wizard
1: Preparations
Follow the Booking system preparation guide for Office 365.
Important! The booking system preparation instructions have been updated. If you configured impersonation in the past, please revisit the impersonation section and re-apply the impersonation.
For Microsoft 365 Hybrid exchange setup make sure “EvokoHome/*” is listed in the allow list for EWS.
2: Configure the Azure app and collect information
Find the tenant name or ID for your Office 365 Tenant in Azure Active Directory
You can use either tenant name or ID in the Evoko Home configuration wizard. Note this down for use in the Evoko Home configuration wizard.
Alternative 1: Use the tenant ID
- Login to Office 365 Admin Portal and open Azure AD Admin Portal by clicking “Azure Active Directory” under Admin Centers (click “Show All” to show Admin Centers if menu hidden).
- This will open Azure Active Directory admin center Dashboard. You can also visit this dashboard by URL: https://aad.portal.azure.com
- Click Azure Active Directory in left panel and click “Properties” under “Manage” section.
- Make a note of “Directory ID”, in this case 5024441e-8554-4dbf-9a00-d90e298448e8. This is “Office 365 Azure AD Tenant ID”
Alternative 2: Use the tenant name
When you signed up for Office 365, Microsoft generated a unique tenant name for your tenant. It is in the form of “<customer id>.onmicrosoft.com”. You can also find this in “Domains” section under “Setup” in the Office 365 Admin Portal. There will be only one domain with suffix “onmicrosoft.com”.
Success! You have the information needed for Office 365 Azure AD Tenant ID.
3: Register App for use with oAuth in EWS
- In the Azure AD portal, click “App Registrations” to open the App registrations blade.
- Click the New Registration button. Fill in name and redirect URI https://localhost and click Register.
- Once application is created, you can see the details page. Make a note of “Application (client) ID” value for the Evoko Home configuration wizard.
Success! You have the information needed for Office 365 Azure AD Application ID. - Click on “Authentication”. Scroll down and enable “Treat application as public client” by selecting “Yes”. Press 'Save'.
Note! Make sure that “Access Token” and “ID Tokens” are not selected. - Click on your newly created Application [App registrations]. In this example Evoko Liso 082020.
- You should be able to see [API permissions] now. Go to “API permissions” setting.
- Click “Add a permission” button, click on "APIs my organization uses". Search for "Office" and Press "Office 365 Exchange Online".
- In the permission selection page, select “Delegated Permission”, which will open the list of permissions for Delegated access. Expand “EWS” and select “EWS.AccessAsUser.All”. Click the Add permission button.
- You should now see the application permissions.
4: Login using OAuth in the Evoko Home configuration Wizard
- Select “Modern (OAuth)” from the drop down on the credentials page.
- Use the notes from the previous steps for the appropriate fields and click “Connect”.
Login to Service Account
The wizard will now wait for you to log on using the provided URL and code.
Important! Make sure to login with the service account created for this purpose, if you sign in with other account it will succeed in the authentication but the application will not work.
Login at Microsoft Azure
On the provided URL, enter the code from the wizard then click "Next".
Notice the application name you configured for this.
Once you sign in using service account credential, it will prompt for the consent dialog. This happens only for first login to this application, subsequent login remembers the consent.
Review the dialog and click "Accept".
You should now see the following screen which informs you to safely close this window.
Switch back to the Evoko Home Setup Wizard and continue to the next step.
Success! You have now completed the setup with Modern Auth.