This knowledge base article will describe the conditions that must be in place in order for OfficePlace to be able to establish the connection to your Entra ID and Exchange Online environment. This must be adjusted before you can start the actual switch from RealTime Service to OfficePlace.
For Resource Central integration the condition is that you are updated to the latest published Resource Central version with its belonging system requirements.
O365 service account
We need a service account in O365 with the following:
- It must have a mailbox.
- Cannot be hidden in GAL.
- Must be member of “View-Only Organization Management” Exchange role.
With OfficePlace we can connect to your tenant with either Application permission or Delegated permissions. If you choose to use delegated permissions, then the service account must be granted the following permissions.
See more details here: Required permissions for Service Account with delegated access
- Full Access & Send As to resource mailboxes
- Calendar Editor rights to user mailboxes (Optional depending on the usage scenarios)
Entra ID access with OfficePlace
Resource Central uses OfficePlace as connector to provide needed data sync from your Office 365 tenant. There are two fundamentally different methods that can be selected, where we either connect on behalf of a service account or where we utilize application permissions.
Delegated access
With delegated access it is important that the service account has the required permission to work as mentioned in the section above. We have two guides that provide guidance on how to configure this method in your Entra ID:
- Manual method: Entra ID Application setup for Delegated permission type
- Powershell method: Entra ID Application setup for Delegated permission type using Powershell
Application access
With application access the permissions are granted to the Entra ID application, which by default provides access to the entire organization. In this scenario you can follow these guides.
- Manual method: Entra ID Application setup for Application permission type
- Powershell method: Entra ID Application setup for Application permission type using Powershell
It is possible to use role based access control in Exchange Online to limit the access to an Entra ID app that relies on application permissions. In this scenario you must prepare an Exchange security group with your resources, and similarly create an Exchange security group with your users that must be managed by Resource Central with features like Booking Manager. This can only be achieved with Powershell as described here:
Entra ID Application setup for Application permission type using Powershell & RBAC
The outcome of the above regardless of method will be these values.
- Tenant ID
- Application ID
- Secret Key
Single Sign-On
With OfficePlace we require that SSO is configured to secure the admin access, and this will require an additional Entra ID application. We provide a manual and a scripted method as described here:
- Manual method: Entra ID Application setup for External Authentication
- Powershell method: Entra ID Application setup for External Authentication using Powershell
Properties
Applies to: RC 4.3 SR3+
Last updated: Jan 14, 2025
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article