Documentation

Table of contents

This section is relevant only for users of Agendex Community Edition. If you are using Agendex Enterprise, please skip to ‘Configuring Agendex‘.

If you plan to use Agendex against Microsoft 365 Exchange, before deploying Agendex on your infrastructure, you need to create an Agendex App in Azure Active Directory.

Note:
You can omit this step if you are connecting to On-Premises Microsoft Exchange.
In this case Agendex Community Edition is configured much like Agendex Enterprise, so you can jump directly to this section about Docker installation.

Important: Agendex uses an authentication mechanism, called OAuth v2, which requires Azure authentication servers to be able to contact Agendex’ server after successful user or Service Account authentication. Hence, you will need a valid DNS address for Agendex, accessible from outside your organization via HTTPS (port 443). The example used in this document is agendex.mycompany.com.

Registering the Application #

Open Azure Active Directory Admin Center, select Azure Active Directory and click on the menu ‘App Registrations’. Then click the Plus button ‘New registration’.

Click ‘Register’ and you will be automatically redirected to the Authentication page.
Click ‘Add a platform’, then select ‘Mobile and desktop applications’:

For Redirect URI’s select the first and the third option then click ‘Configure’:

Then, back on the page on the left under ‘Implicit grants and hybrid flows’ select ID tokens; this is the mechanism Agendex uses to perform users authentication:

The next step is to generate an application secret. Be careful: you will only have a single chance to copy the secret’s value.

From the menu on the left select Certificates & secrets. Click ‘New client secret’, type in a description, select ‘Never’ as expiration and then click ‘Add’:

At this moment, the secret will be displayed, with the value in the third column and an option to copy it to the clipboard. 

Please save the secret, as you will need to import it into Agendex’s configuration:

Now, let’s jump to ‘Manifest’, at the bottom of the temp menu. It may take a few seconds for the Manifest to appear. You need to insert a few lines in it, exactly under the section named ‘requiredResourcesAccess’. These lines describe the access that Agendex needs to Exchange.

 {
    "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
    "resourceAccess": [
      {
         "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
         "type": "Role"
      }
    ]
},

We are almost done!

The next step is to add permissions to the Agendex App.

Go to ‘API permissions’, click ‘Add Permission’, and click on ‘Microsoft Graph’. In the next form, please select the four OpenID permissions under ‘Delegated Permissions’ and click ‘Add Permissions’ on the bottom of the screen.

Now click on the ‘Grant admin consent for Agendex’ (or whatever you called the application). You shall see now green check boxes on the right side of each permission.

And the last step is to configure the information that Agendex needs in the authentication token. Click on the ‘Token configuration’ menu, then click ‘Add optional claim’. From the right menu, select the following three claims under the ID type:

  • auth_time
  • email
  • upn

and then click ‘Add’:

Important: Go back to Overview and record the Application’s Overview and record the app’s Client and Tenant ID’s. You will need these along with the secret, generated at step 3, when configuring Agendex.

What are your feelings
Updated on March 26, 2021
Scroll to Top