Create a personal authentication mode connection with Microsoft Exchange Online

  • Release version: Xanadu
  • Updated November 28, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Create a personal authentication mode connection with Microsoft Exchange Online

    ServiceNow administrators can establish a personal authentication mode connection with Microsoft Exchange Online to synchronize reservations and calendar events at the user level. This mode generates user-level authentication tokens, enabling users to create, update, or cancel reservations that sync directly with their Outlook calendars. Personal authentication is intended for user-triggered actions, while system-to-system integrations handle background synchronization processes.

    Show full answer Show less

    Key Features

    • Personal Authentication Token: Enables user-specific calendar event management, ensuring direct synchronization with Outlook for actions initiated by the user.
    • New Subsource (snwsdrestapi): Differentiates reservations originating from REST API calls, allowing system-to-system credentials for synchronization in personal authentication mode.
    • Upgrade Handling: After upgrading, calendar provider modes (Strict or Normal) are managed via a system property (snwsdrsvsync.syncintegrationmode), replacing the deprecated Strict mode checkbox.
    • Reservation Restrictions: Personal mode restricts certain reservation types:
      - Blocker reservations are created in delegated user calendars with specified behavior depending on system properties.
      - On-behalf user reservations are not supported for synchronized calendars.
      - Group reservations are not supported for sync-enabled rooms but allowed for non-synced rooms.
      - Creation, update, and cancellation of reservations are subject to user identity matching the requested-for user and presence of personal tokens.
      - Reservations that cannot be modified appear grayed out in the event planner workspace.
    • Microsoft Azure Configuration: Set up OAuth-based personal authentication via Microsoft Azure to enable secure connection between Microsoft Exchange Online and Workplace Calendar Synchronization.
    • Connection and Credential Alias Setup: Create and configure application registries, connection aliases, and credential aliases to manage authentication and authorization for Exchange Online integration.
    • Calendar Provider Configuration: Configure Microsoft Exchange Online as the calendar provider in personal authentication mode to synchronize reservations effectively through the Workplace Reservation Management portal.

    Practical Considerations for ServiceNow Customers

    • Use personal authentication mode for user-initiated reservation actions to maintain secure and accurate synchronization with Outlook calendars.
    • Configure system properties appropriately when upgrading to control synchronization behavior and mode enforcement.
    • Understand reservation restrictions to avoid errors when creating or managing reservations, especially for delegated, on-behalf, or group bookings.
    • Set up Microsoft Azure OAuth and connection aliases carefully to ensure seamless integration and token management.
    • Leverage the new subsource for REST API–based reservations to separate system-to-system integrations from personal user actions.

    Next Steps

    • Configure Microsoft Azure for OAuth authentication with Exchange Online.
    • Create application registries and connection aliases in ServiceNow for personal authentication mode.
    • Adjust system properties post-upgrade to control calendar synchronization modes.
    • Review reservation restrictions and plan reservation workflows accordingly.
    • Set up and test calendar provider configuration to ensure smooth synchronization of reservations.

    As an admin, establish a personal authentication mode connection with Microsoft Exchange Online to synchronize reservations. A user-level authentication token is generated that enables you to create, update, or cancel reservations to synchronize events on the outlook calendar.

    Integrations

    System-to-system integrations would be used for all actions that aren’t triggered by the user and that must be synchronized with Outlook. For all other user-triggered actions, the user's personal token is used.

    Subsources to cater reservations

    A new subsource, sn_wsd_rest_api, has been introduced to distinguish the reservations originating from the REST API. This action enables the use of system-to-system credentials to synchronize the reservations with Outlook in personal authentication mode.

    Handling upgrade scenarios

    If the Strict mode is enabled for active calendar providers before the upgrade, the system property is automatically set to Strict after the upgrade.

    If the Normal mode is configured for active calendar providers before the upgrade, the system property is automatically set to Normal after the upgrade.

    The Strict Mode check box is no longer displayed in the calendar provider, because the corresponding column has been deprecated in the calendar provider. To configure the Strict mode, you must set the system property sn_wsd_rsvsync.sync_integration_mode at instance level.

    Strict mode can now be configured using the system property at the instance level. For more information, see Set Workplace Calendar Synchronization properties.

    Reservation restrictions

    Review the restrictions for creating, updating, or deleting user reservations, as well as for blocker and group reservations, when personal authentication mode is enabled.

    Table 1. Restrictions
    Reservation type Description
    Blocker reservations Blocker reservations are created in delegated user's calendar with the requested for user as an invitee when Personal mode is enabled.

    If the sn_wsd_rsv.blocker_user system property specifies a blocker user, the system creates the reservation in the delegated user's calendar and adds the blocker user as an invitee.
    Onbehalf user reservation The This reservation is for field is not displayed in personal authentication mode. In personal mode, you can't create Onbehalf user reservations, as you don’t have access to other user's calendar. However, you can create on-behalf reservations for non-synchronized rooms.
    Group reservations Group reservations aren’t supported in Personal mode for synchronize-enabled rooms, even if the Enable group reservations check box is selected in the reservable module. You can create group reservations for non-synced rooms.
    Create reservation The following restrictions apply when creating reservations from the Workplace Service Delivery portal, event planner, Quick Reservation, and Now Mobile:
    In Personal mode
    If the requested-for user doesn’t match the session user, the reservation can’t be created.
    In Strict or Normal mode
    Reservations can be created without any restrictions.
    Update or cancel reservation The following restrictions apply when updating or canceling reservations from WSD portal, event planner, and Now Mobile:
    In Normal mode
    All reservations can be updated or canceled.
    In Personal authentication mode
    • If the Sync mailbox of the reservation is set to other (reservation created in the delegated user calendar), the reservation can be updated or canceled in delegated user calendar.
    • If the Sync mailbox is set to user, the following rules apply:
      • If the reservation is edited or canceled from sources other than WSD Portal, Quick Reservation, WSD Mobile, or Event Planner, it can’t be updated or canceled.
      • If the session user (the person who is updating or canceling the reservation) doesn’t match the requested-for user, the reservation can’t be edited or canceled.
      • If a personal token doesn’t exist for the user updating or canceling the reservation, the reservation can’t be updated or canceled.
      • In all other cases, the reservation can be updated or canceled.
    Note:
    All the above reservations that can’t be updated or canceled appears grayed out in the schedule view of event planner workspace.
    In Strict mode
    Users can only update or cancel a reservation if the Sync mailbox is set to other in strict mode.