Introduction
We strongly recommend Microsoft 365 customers configure Synergy SKY with Microsoft Graph API for Microsoft 365.
In line with the end of support notification for EWS Basic Authentication, Microsoft has created a new authentication method known as Microsoft Graph. Microsoft Graph allows for increased performance towards the Microsoft Cloud. Over time, Microsoft has introduced OAuth 2.0 for authentication and authorization, which is more secure and reliable than Basic Authentication to access data.
You can find additional information relating to Microsoft Graph here.
We have provided instructions on how to set up Microsoft Graph with Synergy SKY below.
You can jump to calendar permission properties by clicking here.
This guide will explain how to:
- Select / Create ActOnBehalfOfEmail
- Create an App Registration, Client Certificate & Secret
- Add API Permissions
Prerequisites
Microsoft Azure |
You will need administrator privileges for your organization in the Azure portal. |
Optional step to secure the application to a security group
Step-by-Step Guide
Creating/Selecting the Act on Behalf of email
The Synergy SKY Act on Behalf of email is the email address that will be used to notify users of their meeting updates and progress. You are not required to create a new email account. It is possible to use an existing service email account that exists in your organization however if you would like to create a new service account, we have steps on how you can achieve this below:
- Log in to https://portal.azure.com
- Click on left hamburger menu > Microsoft Entra ID > + Add > User > Create New User (Or search for 'users' in the top search bar)
- Type in the Username, Name and verify password settings and choose to save
Configuring Microsoft Graph API
- Log In to https://portal.azure.com
- Click on left hamburger menu > Microsoft Entra ID > + Add > App registration (Or search for 'registrations' in the top search bar)
- Enter a name and click Register
-
Accounts in this organizational directory only (SynergyPlay only - Single tenant)
-
Accounts in this organizational directory only (SynergyPlay only - Single tenant)
- Click on API permissions (left side menu)
- Click on Add a permission
-
Microsoft Graph
- Application Permissions:
-
Microsoft Graph
-
-
-
- Calendars.ReadWrite (For Reading Resource Calendar and writing back any info needed, can be limited to Security group as outlined below)
- Mail.Send (For email alerts to UC admins, configured specifically in the Application)
- User.Read.All (For reading address book to add rooms)
-
-
- Click the Add permissions button
- Grant Consent: An admin needs to login and click the “Grant admin consent” button
Obtain credentials
The Tenant ID, Client ID and Secret Value are what are required for configuration, so that Synergy SKY can read and process your meeting room's meetings.
- Navigate to the Overview page of your App registration
- Take note of the:
- Application (client) ID
- Directory (tenant) ID
- Click Add a certificate of secret > + New client secret
- 24 months is the max duration. Be warned, there is no good way to know when this will expire
- Copy the secret Value, not the Secret ID
Next: Mailbox permissions