Create a personal authentication mode connection with Microsoft Exchange Online

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Create a personal authentication mode connection with Microsoft Exchange Online

    This guide explains how ServiceNow administrators can establish a personal authentication mode connection with Microsoft Exchange Online to synchronize reservations with Microsoft Outlook calendars. By generating a user-level authentication token, users can create, update, or cancel reservations that reflect in their Outlook calendar, enhancing calendar synchronization for workplace reservations.

    Show full answer Show less

    Key Features

    • Personal Authentication Mode: Uses user-specific tokens for actions triggered by users, while system-to-system integrations handle non-user-triggered actions.
    • Subsource Identification: The new subsource snwsdrestapi distinguishes reservations from REST API actions, enabling system-to-system credential use within personal authentication mode.
    • Upgrade Handling: System properties automatically adjust to Strict or Normal modes based on pre-upgrade settings. Strict mode configuration is now managed via the snwsdrsvsync.syncintegrationmode system property at the instance level.
    • Reservation Restrictions: Specific rules apply when creating, updating, or deleting reservations in personal authentication mode, including limitations on blocker, group, and on-behalf-user reservations to ensure proper calendar access and security.
    • OAuth and Azure Configuration: Detailed steps to configure OAuth connectivity with Microsoft Exchange Online via Microsoft Azure, including setting delegated user emails for resource rooms and creating personal authentication mode application registries.
    • Connection and Credential Alias Setup: Instructions to establish and customize connection and credential aliases for Microsoft Exchange Online, enabling tailored calendar provider configurations.
    • Calendar Provider Integration: Guidance on configuring the Microsoft Exchange Online calendar provider within ServiceNow to synchronize workplace reservations effectively using personal authentication mode.

    Practical Implications for ServiceNow Customers

    By implementing personal authentication mode for Microsoft Exchange Online, ServiceNow customers can:

    • Enable seamless synchronization of workplace reservations with individual users’ Outlook calendars, improving reservation visibility and management.
    • Maintain security and access control by restricting calendar modifications to authorized users only, especially for sensitive reservation types like blocker and group reservations.
    • Leverage system properties for flexible configuration of synchronization modes (Strict or Normal) to align with organizational policies.
    • Utilize OAuth integration with Microsoft Azure to securely connect ServiceNow with Microsoft Exchange Online for calendar synchronization.
    • Customize connection and credential aliases to fit their instance-specific requirements, enhancing manageability of calendar provider settings.

    As an admin, establish a personal authentication mode connection with Microsoft Exchange Online to synchronize reservations. A user-level authentication token is generated that enables you to create, update, or cancel reservations to synchronize events on the Microsoft Outlook calendar.

    Integrations

    System-to-system integrations are used for all actions that aren’t triggered by the user and that must be synchronized with Microsoft Outlook. For all other user-triggered actions, the user's personal token is used.

    Subsources to cater to reservations

    A new Subsource, sn_wsd_rest_api, has been introduced to distinguish the reservations originating from the REST API. This action enables the use of system-to-system credentials to synchronize the reservations with Microsoft Outlook in personal authentication mode.

    Handling upgrade scenarios

    If the Strict mode is enabled for active calendar providers before the upgrade, the system property is automatically set to Strict after the upgrade.

    If the Normal mode is configured for active calendar providers before the upgrade, the system property is automatically set to Normal after the upgrade.

    The Strict Mode check box is no longer displayed in the calendar provider because the corresponding column has been deprecated in the calendar provider. To configure the Strict mode, you must set the system property sn_wsd_rsvsync.sync_integration_mode at instance level.

    Strict mode can now be configured using the system property at the instance level. For more information, see Set Workplace Calendar Synchronization properties.

    Reservation restrictions

    Review the restrictions for creating, updating, or deleting user reservations, as well as for blocker and group reservations, when personal authentication mode is enabled.

    Table 1. Restrictions
    Reservation type Description
    Blocker reservations When Personal mode is enabled, blocker reservations are created in the delegated user's calendar, with the requested for user added as an invitee.

    If the sn_wsd_rsv.blocker_user system property specifies a blocker user, the system creates the reservation in the delegated user's calendar and adds the blocker user as an invitee.
    Onbehalf user reservation The This reservation is for field is not displayed in personal authentication mode. In personal mode, you can't create Onbehalf user reservations because you don’t have access to other user's calendar. However, you can create on-behalf reservations for non-synchronized rooms.
    Group reservations Group reservations aren’t supported in Personal mode for synchronize-enabled rooms, even if the Enable group reservations check box is selected in the reservable module. You can create group reservations for non-synced rooms.
    Create reservation The following restrictions apply when creating reservations from theWorkplace Service Delivery (WSD) portal, Event planner, Quick Reservation, and Now Mobile:
    In Personal mode
    If the requested-for user doesn’t match the session user, the reservation can’t be created.
    In Strict or Normal mode
    Reservations can be created without any restrictions.
    Update or cancel reservation The following restrictions apply when updating or canceling reservations from the WSD portal, Event planner, and Now Mobile:
    In Normal mode
    All reservations can be updated or canceled.
    In Personal authentication mode
    • If the Sync mailbox of the reservation is set to other (a reservation created in the delegated user calendar), the reservation can be updated or canceled in the delegated user calendar.
    • If the Sync mailbox is set to user, the following rules apply:
      • If the reservation is edited or canceled from sources other than WSD Portal, Quick Reservation, WSD Mobile, or Event Planner, it can’t be updated or canceled.
      • If the session user (the person who is updating or canceling the reservation) doesn’t match the requested-for user, the reservation can’t be edited or canceled.
      • If a personal token doesn’t exist for the user updating or canceling the reservation, the reservation can’t be updated or canceled.
      • In all other cases, the reservation can be updated or canceled.
    Note:
    All the above reservations that can’t be updated or canceled appear dimmed in the schedule view of event planner workspace.
    In Strict mode
    Users can only update or cancel a reservation if the Sync mailbox is set to other in Strict mode.