To use OAuth with EWS for Office 365, you have to register a custom application in Azure Active Directory for the Office 365 tenant. When installing Evoko Home you will need both the Tenant ID and Application ID from Azure to complete the configuration with O365.
Please follow the guide below to gather/create that information.
- Configure the Azure app and collect information
- Register App for use with OAuth in EWS
- Login using OAuth in the Evoko Home v2.5 configuration Wizard
Make sure you run the latest version of Evoko Home: https://download-liso.evoko.se/
The Service Account used for Evoko Home in O365 will need certain scopes applied to it!
Follow the Booking system preparation guide for Office 365 to create your service account and get the scope Application Impersonation applied to it.
Important! The booking system preparation instructions have been updated. If you configured impersonation in the past, please revisit the impersonation section and re-apply the impersonation.
For Microsoft 365 Hybrid exchange setup make sure “EvokoHome/*” is listed in the allow list for EWS.
2: Configure the Azure App and Collect Tenant/Application ID.
Find the tenant name or ID for your Office 365 Tenant in Azure Active Directory
You can use either tenant name or ID in the Evoko Home configuration wizard. Note this down for use in the Evoko Home configuration wizard.
Alternative 1: Use the tenant ID
- Log in to the Microsoft Office 365 Admin Portal here: https://admin.microsoft.com
- Open the Azure Active Directory Portal by clicking on Azure Active Directory under Admin Centers. (Click Show All to show Admin Centers if the menu is hidden.)
- This will open Azure Active Directory admin center Dashboard. You can also visit this dashboard by URL: https://aad.portal.azure.com
- Click Azure Active Directory in left panel and click Properties under Manage section.
- Make a note of the Tenant ID your organization is using. In this case "e6d83800-f44c-46c4-9128-cbc4512a3235" is the Tenant ID.
Alternative 2: Use the tenant name
When you signed up for Office 365, Microsoft generated a unique tenant name for your tenant. It is in the form of “<customer id>.onmicrosoft.com”. You can also find this in “Domains” section under “Setup” in the Office 365 Admin Portal. There will be only one domain with suffix “onmicrosoft.com”.
Success! You have the information needed for Office 365 Azure AD Tenant ID.
3: Register App for use with OAuth in EWS
- In the Azure AD portal, under Azure Active Directory click App Registrations to open the App registrations blade.
- Click the New Registration button. Fill in the name and redirect URL as https://localhost and click Register.
- Once the application is created, you can see the details page. Make a note of “Application (client) ID” value for the Evoko Home configuration wizard.
- Click on Authentication. Scroll down and enable Allow Public Client Flows by selecting Yes. Press Save. This setting is what permits the device code login used in step 4.
- Once saved you can access your newly created App Registration by clicking on Azure Active Directory. Then App Registrations. Then Owned Applications. Here in this screenshot you see "Evoko Liso oAuth Configuration" as the name.
- After clicking on the display name of the App you should land on the overview page.
- Under manage you should be able to see API permissions now. Click on API Permissions.
- Click Add a permission button.
- Click on APIs my organization uses. Search for "Office" and press "Office 365 Exchange Online".
- In the permission selection page, select “Delegated Permission”, which will open the list of permissions for Delegated access. Expand “EWS” and select “EWS.AccessAsUser.All”. Click the Add permission button.
- You should now see the application permissions.
4: Login using OAuth in the Evoko Home Configuration Wizard
Note: If you are already using Evoko Home with Basic authentication, please log on to Evoko Home, go to Global Settings, and click the Change button under your booking system credentials in the top right corner of the global settings. Then, continue from here.
- Select “Modern (OAuth)” from the drop down on the credentials page.
- Copy and paste the Tenant ID and Application ID from the previous steps into the appropriate fields and click “Login”.
- The wizard will now wait for you to log in using the provided URL (https://microsoft.com/devicelogin) and provided code.
- On the provided URL, enter the code from the wizard and click Next. Notice the application name you configured for this and log in with your service account and password.
- Once you sign in using the service account credentials, you will be prompted with the consent dialog. This happens only on the first login to this application; subsequent logins remember the consent. Review the dialog and click "Accept".
- You should now see the following screen which informs you to safely close this window.
- Switch back to the Evoko Home Setup Wizard and continue to the next step. Your screen should look like this:
- The Default Port for Evoko Home is 3002 - if you do not wish to change that or upload any of your own certificates, press next.
- Here you will be prompted to enter an NTP Server Address for Evoko Home to use. We recommend using 0.pool.ntp.org if your organization allows access to it. Some larger organizations may have their own internal NTP server. Press next when ready.
- Here you will be prompted to accept the Evoko Terms of Service. Press Accept!
- Here on the final page you will be presented with the Username and Password that will be used to log into Evoko Home as an Admin. It's very important that you copy this information to notepad before hitting finish as the text will disappear!
- Once the information is copied to notepad Press Finish
- If you did not upload your own Security Certificates during the wizard you may get a message indicating that your connection is not private. If you do get this message press Proceed to Localhost.
- You will want to log in with the Username and Password that Evoko Home presented at the end of the wizard (this should be the information you copied to the notepad).
- Success! You have now completed the setup with Modern Auth and you can now move through Setting Up Your Global Organization in Evoko Home! This will let you add locations, and room resource accounts from O365!
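To check the app registration independently of the wizard, the following added example (not Evoko's code) builds the device-code request that corresponds to the login in step 4 and inspects an access token's claims to confirm it was issued by your tenant, to your Application ID, with only the delegated EWS.AccessAsUser.All scope. It assumes the Microsoft identity platform v2.0 device-code endpoint; the client ID is a placeholder, the token is constructed, and the function names are hypothetical.

```python
import base64, json, re
from urllib.parse import urlencode

EWS_SCOPE = "https://outlook.office365.com/EWS.AccessAsUser.All"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
TENANT_NAME = re.compile(r"^[a-z0-9-]+\.onmicrosoft\.com$", re.I)

def device_code_request(tenant, client_id):
    """Build (url, form body) for the device-code request behind step 4."""
    if not (GUID.match(tenant) or TENANT_NAME.match(tenant)):
        raise ValueError("tenant must be a GUID or <name>.onmicrosoft.com")
    if not GUID.match(client_id):
        raise ValueError("Application (client) ID must be a GUID")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode"
    return url, urlencode({"client_id": client_id, "scope": EWS_SCOPE})

def jwt_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(token, tenant_id, client_id):
    """Return findings; an empty list means the token matches the registration."""
    c, findings = jwt_claims(token), []
    if c.get("tid", "").lower() != tenant_id.lower():
        findings.append("tid: token was issued by a different tenant")
    app = c.get("appid") or c.get("azp") or ""  # v1.0 tokens use appid, v2.0 azp
    if app.lower() != client_id.lower():
        findings.append("appid/azp: token was issued to a different application")
    scopes = set(c.get("scp", "").split())
    if "EWS.AccessAsUser.All" not in scopes:
        findings.append("scp: EWS.AccessAsUser.All was not granted")
    extra = scopes - {"EWS.AccessAsUser.All"}
    if extra:
        findings.append("scp: more scopes than the guide grants: " + " ".join(sorted(extra)))
    return findings

def sample_token(claims):
    """Constructed, unsigned token for offline testing (not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

TENANT_ID = "e6d83800-f44c-46c4-9128-cbc4512a3235"  # example value from section 2
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder Application ID

if __name__ == "__main__":
    print(device_code_request(TENANT_ID, CLIENT_ID))
    good = sample_token({"tid": TENANT_ID, "appid": CLIENT_ID, "scp": "EWS.AccessAsUser.All"})
    print(check_token(good, TENANT_ID, CLIENT_ID))
```

Any finding from `check_token` on a real token means the tenant, application, or granted permission differs from what sections 2 and 3 set up and the registration should be reviewed.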