Product DocsMenu

Coveo Platform 7.0 >
Administrator Help > Connectors > Microsoft Exchange Connector > Microsoft Exchange Configuration > Authorizing the Coveo Connector to Access the Online Mailboxes of Your Azure AD Users

Authorizing the Coveo Connector to Access the Exchange Online Mailboxes of Your Azure AD Users

CES 7.0.7814+ (August 2015)

When you want to index Microsoft Exchange Online mailboxes of cloud-based users (listed using Azure AD), you must perform the OAuth 2.0 protocol of your choice to authorize the Coveo connector to access the mailboxes content.

Note: In Azure AD, users with an on-premises Exchange plan and users with an Exchange Online plan cannot be distinguished, meaning that it is currently not possible via a Microsoft API to ONLY list Exchange Online users/mailboxes. However, using the procedure outlines in this topic, the content of all Exchange Online mailboxes of your organization will be searchable and accessible by their owner. Moreover, during the indexing process, all local mailboxes, which are owned by on-premises Exchange users, are ignored.

The OAuth 2.0 protocol is a protocol used for granting access to external applications without exposing the user's real credentials. For the connector to be able to connect to your Exchange Online users, it must acquire a client ID, a key, a Windows Azure AD Graph API endpoint, and an OAuth 2.0 token endpoint.

To authorize the connector to access the Exchange Online mailboxes of your Azure AD users

  1. Log in to the Windows Azure management portal with an administrator account.

  2. In the Windows Azure management portal, in the navigation bar on the left, click Azure Active Directory.

  3. In the [Directory tenant name] pane, in the navigation bar on the left, under Manage, click App registrations.

  4. In the [Directory tenant name] - App registrations pane, in the action bar, click Endpoints.

  5. In the Endpoints pan:

    1. Take note of the following information that you will also need when configuring the source:

    2. Click the X icon.

  6. Back in the [Directory tenant name] - App registrations pane, in the action bar, click New application registration.

  7. In the Create pane that appears on the right, enter the information related to your application:

    1. In the first box, enter a descriptive Name for the application.

    2. Under Application type, click the drop-down list menu, and then select Web app / API.

    3. In the Sign-on URL box, enter http://localhost.

      Note: This parameter is not used by the application, but cannot be left empty.

    4. At the bottom of the pane, click Create.

  8. Back in the [Directory tenant name] - App registrations pane, click the application you just created.

  9. In the Settings pane that appears, click Properties.

  10. In the Properties pane:

    1. Take note of the Application ID.

      Note: The Application ID value is needed when you later configure the Microsoft Exchange source (see Configuring and Indexing Microsoft Exchange Sources for an Online Deployment).

    2. Next to Multi-tenanted, ensure No is selected.

    3. Click Save.

  11. In the Settings pane, click Required permissions.

  12. In the Required permissions pane, click Windows Azure Active Directory (Microsoft.Azure.ActiveDirectory).

  13. In the Enable Access pane that appears:

    1. Click the Application permissions check box.

    2. Click the Read directory data checkbox, and clear the other checkboxes.

    3. Click Save.

  14. Back in the Required permissions pane, click Grant permissions, and then in the confirmation prompt click Yes.

  15. In the Settings pane, click Keys.

  16. In the Keys pane:

    1. In the first box on the left, enter a Key description.

    2. Click the Duration drop-down list menu, and then select Never expires.

    3. Click Save.

    4. Upon successful configuration, your key Value appears. Copy and store this value that you will need when configuring your Exchange source in a secure location.

      Important: The key value is only displayed once and is not retrievable afterwards.

      Note: The key value is needed when you later configure the Microsoft Exchange source (see Configuring and Indexing Microsoft Exchange Sources for an Online Deployment).

    5. Click the X icon.

What's Next?

Configure your Microsoft Exchange source (see Configuring and Indexing Microsoft Exchange Sources for an Online Deployment).

People who viewed this topic also viewed