For Office 365 customers, Holiday Sync Service now supports OAuth authentication. OAuth is a modern and more secure way to authenticate connections. Before configuring the service to use OAuth for Office 365, a tenant admin must complete the following setup steps in Azure Active Directory.

1. Register your application

  • Under Manage, select App registrations > New registration.

  • Enter a display Name for your application, e.g. PeopleHR HolidaySync Service.

  • Specify who can use the application.

  • Add a redirect URL.

    Public client/native (mobile & desktop)

    https://login.microsoftonline.com/common/oauth2/nativeclient

  • Select Register to complete the initial app registration.

  • When registration finishes, the Azure portal displays the app registration's overview. Copy the Tenant ID and Client ID; you will need them to complete the Holiday Sync Service setup later.

2. Configure for app-only authentication

  • Select Manifest in the left-hand navigation under Manage.

  • Locate the requiredResourceAccess property in the Manifest, and add the following inside the square brackets ([]):

    {
      "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
      "resourceAccess": [
        {
          "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
          "type": "Role"
        }
      ]
    }

  • Select Save.

  • Select API permissions under Manage. Confirm that the full_access_as_app permission is listed.

  • Select Grant admin consent for org and accept the consent dialog.

  • Select Certificates & Secrets in the left-hand navigation under Manage.

  • Select New client secret, enter a short description and select Add.

  • Alternatively, you can generate the client secret using PowerShell:

    PS> Connect-AzureAD -TenantId your_azure_ad_domain_name
    PS> $startDate = Get-Date
    PS> $endDate = $startDate.AddYears(99)
    PS> New-AzureADApplicationPasswordCredential -ObjectId objectid_from_app_overview_page -CustomKeyIdentifier "MySecret01" -StartDate $startDate -EndDate $endDate

  • Copy the Value of the newly added client secret and save it; you will need it later.

3. Limit application permissions to specific Exchange Online mailboxes (recommended)

  • By default, the OAuth client credentials grant flow allows access to all mailboxes in an organization on Exchange Online. To limit the application's access, follow the related Microsoft article:

    https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
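The restriction in step 3, shown as an added example that is not part of the original article or the vendor's tooling: it creates an Exchange Online application access policy for the app registered in step 1 and then checks one mailbox inside and one outside the allowed group. It assumes the ExchangeOnlineManagement module is installed and that a mail-enabled security group already exists; the group and mailbox addresses are hypothetical placeholders.

```powershell
# Added example. Every value in this block is a placeholder (assumption).
$AppId      = '<Client ID copied in step 1>'
$ScopeGroup = 'holidaysync-mailboxes@example.com'  # mail-enabled security group (hypothetical)
$InScope    = 'alice@example.com'                  # member of the group (hypothetical)
$OutOfScope = 'bob@example.com'                    # not a member (hypothetical)

Connect-ExchangeOnline

# Create the policy only if this app does not already have one.
$existing = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if (-not $existing) {
    New-ApplicationAccessPolicy -AppId $AppId `
        -PolicyScopeGroupId $ScopeGroup `
        -AccessRight RestrictAccess `
        -Description 'Restrict Holiday Sync Service to the sync mailbox group'
}

# Confirm the scope: the member must be Granted, the non-member Denied.
$checks = @(
    @{ Mailbox = $InScope;    Expected = 'Granted' },
    @{ Mailbox = $OutOfScope; Expected = 'Denied'  }
)
$failed = $false
foreach ($c in $checks) {
    $r = Test-ApplicationAccessPolicy -Identity $c.Mailbox -AppId $AppId
    $actual = "$($r.AccessCheckResult)"
    if ($actual -ne $c.Expected) {
        Write-Warning "$($c.Mailbox): expected $($c.Expected), got $actual"
        $failed = $true
    } else {
        Write-Host "$($c.Mailbox): $actual (as expected)"
    }
}

Disconnect-ExchangeOnline -Confirm:$false
if ($failed) { throw 'Application access policy does not match the intended scope.' }
```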

4. Complete the Holiday Sync Service Config

  • Open the 'Holiday Sync Service Config' app and select OAuth from the Authentication dropdown list. Under the Office 365 tab, fill in the Tenant ID, Client ID and Client Secret obtained in the previous steps.

  • Click Save.

  • Restart Holiday Sync Service under Windows Services.

Reference: https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth
