Skip to main content
Biamp Cornerstone

Booking System Preparation: Exchange On-premise (Exchange SE)

  1. Last updated
  2. Save as PDF

 

This article outlines the required preparations within Exchange On-Premises to successfully integrate Evoko Home with Liso.

 

 

Requirements

You must have Exchange Global Administrator privileges to complete this process.

 

 

Procedure Overview

  1. Create a Service Account
    Set up a dedicated service account that will be used for integration purposes.

  2. Assign Application Impersonation Roles to the Service Account
    Choose one of the following methods to grant the necessary permissions:

    • Option 1: Assign application impersonation with a management scope using the Exchange Management Shell.
    • Option 2: Assign application impersonation without a management scope via the Exchange Admin Center.

  3. Create Resource Mailboxes
    Set up resource accounts (e.g., room mailboxes) that will be managed through Evoko Home.

 

 

Procedure

Step 1. Create a Service Account

Using a Dedicated Service Account for Evoko Liso Integration with Exchange On-Premises

To ensure a secure and reliable integration between Evoko Home and Exchange On-Premises via Exchange Web Services (EWS), we recommend using a dedicated service account (e.g., service-account@domain.com). This account will handle authentication and facilitate communication between the systems.

  1. Create a Service Account in Active Directory

    • Open Active Directory Users and Computers.
    • Navigate to the appropriate Organizational Unit (OU).
    • Right-click the OU, select New > User.

  2. Configure the Service Account

    • Enter the required user details and click Next.
    • Set a secure password for the account and click Next.
    • Review the information and click Finish to create the account.

  3. Enable the Mailbox for the Service Account

    • Log in to the Exchange Admin Center using your Exchange administrator credentials.
    • Navigate to Recipients > Mailboxes.
    • Click Add and select User Mailbox.
    • Enter an alias, select the newly created service account from Active Directory, and click Save.

 

 

Step 2. Assign Application Impersonation Roles to the Service Account

Application impersonation can be granted via either the Exchange Management Shell (Option-1) or via the Exchange Admin Center (Option-2), and with or without a management scope. We have listed two options below. For security practices, we recommend granting this role with a management scope.

Important! Having the Evoko service account granted with Application Impersonation permission is a requirement to successfully integrate Evoko Liso with an Exchange on-premise environment.

Option #1: Granting Impersonation with a Management Scope via Exchange Management Shell:

1: Launch Exchange Management Shell

  • Begin by opening the Exchange Management Shell on your Exchange server.

2: Create a Management Scope

  • Define a management scope that restricts impersonation to resource mailboxes. Use the following command:

New-ManagementScope -Name "ResourceMailboxes" -RecipientRestrictionFilter {RecipientTypeDetails -eq "RoomMailbox" -or RecipientTypeDetails -eq "EquipmentMailbox"}

3: Assign Impersonation Rights to the Service Account

  • Grant impersonation permissions to your service account and apply the previously created management scope:

New-ManagementRoleAssignment –Name "ResourceImpersonation" –Role ApplicationImpersonation -User "service-account@domain.com" –CustomRecipientWriteScope "ResourceMailboxes"

4: Verify the Impersonation Assignment

  • To confirm that impersonation has been successfully granted, run the following command:

Get-ManagementRoleAssignment -Role "ApplicationImpersonation" -GetEffectiveUsers

5. Review the output to ensure that:

  • The Role column displays  ApplicationImpersonation
  • The EffectiveUsername column includes your service account.

If both conditions are met, the impersonation setup has been successfully applied.

 

Option #2: Granting Application Impersonation Role via Exchange Admin Center

This method enables you to assign the Application Impersonation role to a service account using the Exchange Admin Center (EAC). Follow the steps below to configure impersonation permissions through the web interface.

1: Access the Exchange Admin Center

2: Create a New Admin Role

  • In the left-hand menu, go to Permissions > Admin Roles.
  • Click the "+" icon to create a new admin role.
  • Configure the role with the following settings:
    • Name: Enter a descriptive name, such as Impersonation.
    • Description: (Optional) Provide a brief description of the role.
    • Write Scope: Leave this set to Default.
    • Roles: Click the "+" to add a role. From the list, select ApplicationImpersonation, click Add, then click OK.
    • Members: Add the Exchange service account mailbox that requires impersonation rights.
  • Click Save to apply the changes.

3: Confirmation

  • Once saved, the Impersonation role will be created and successfully assigned to the specified service account mailbox. This account will now have the necessary permissions to impersonate other mailboxes as defined by the role.

 

Step 3. Create Resource Mailboxes

Set up resource accounts (e.g., room mailboxes) that will be managed through Evoko Home.

You can create room or equipment resources from the Exchange admin center.

  1. Open the Exchange Admin Center

  2. Navigate to RecipientsResources

  3. Click ➕ New

  4. Select one of the following:

    • Room mailbox
    • Equipment mailbox

  5. Complete the required fields:

    • Name
    • Alias
    • Organizational unit (optional)
    • Mailbox database

  6. Click Save to create the resource.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Stage
    Final
  2. Tags
    1. Evoko
    2. Evoko Home
    3. Evoko Liso