Add a Microsoft Exchange data source (User name / Kerberos)

The following is a description of how to add a Microsoft Exchange data source using either the "User name - password" or "Kerberos (integrated authentication only)" authentication type.

If you want to use "OAuth2 (only with MS365)" as the authentication type, then you can find detailed instructions, starting from the section Add Microsoft Exchange data source (OAuth2).

Requirements

You have installed the Intrexx MediaGateway.

For detailed information, please refer to the section MediaGateway installation.

Step-by-step guide

To add a Microsoft Exchange data source in the Intrexx Portal Manager, please proceed as follows:

  1. Open the "Integration" menu.

  2. Select "Connector for Microsoft Exchange" under "Consume data".

  3. Right-click on the item and select "New data source" from the context menu.

    The "New data source - General" dialog will open.

    Configure MediaGateway connection

    Connection name

    This name will be used to select the connection later in applications.

    Host, Port, Time zone

    Enter the Host, Port and Time zone for the MediaGateway server.

    Generally, the MediaGateway will use port 8087 for connections as well as port 9087 for SSL encrypted connections.

    Use gRPC instead of COBRA (classic)

    11.2/11.02

    If you select this checkbox, the gRPC framework is used. The INTREXX GmbH recommends the use of this option.

    If you do not select this checkbox, the CORBA framework will (continue to) be used.

    More information

    Use SSL

    If you select this checkbox, communication between the Media Gateway server and the Exchange server is encrypted.

    SSL port

    Enter the port on the media gateway server to be used for the encrypted connection.

    Password/Change password

    When creating a new Microsoft Exchange data source, you must enter the password for the Intrexx MediaGateway here. During the installation, you assigned the password to the Intrexx MediaGateway.

    You should change the default password. You can do this here after the data source has been created.

    More information

    Configure MediaGateway connection

  4. Click on "Next".

    The "New data source - Exchange version" dialog will open.

    Select Microsoft Exchange version

    Microsoft Exchange Server version

    Select the version of your Exchange Server here. Microsoft Exchange Server 2003 or 2007 and Microsoft Exchange Server 2010 or higher are supported by the Intrexx MediaGateway.

    Select the "Microsoft Exchange Server 2010-2019 or 365" option if you are using Microsoft Exchange Online.

  5. Click on "Next".

    The "New data source - Exchange account" dialog will open.

    Enter access data

    User name / Password

    Enter the login details to a user inbox created on the Microsoft Exchange server. The account requires no special permissions. The Connector for Microsoft Exchange will use this account to query meta-information from the Exchange server, which will then be available when creating applications, and delivers information about data fields, field types, and existing tables.

    Email

    Enter the name of the Exchange inbox or the email address. Make sure to use the primary inbox address. If you use an alias address, the functions of the Connector may be limited in some cases.

    Server (URL)

    Enter the URL of the Microsoft Exchange server here that assumes the Client Access role (e.g. the OWA server).

    The Exchange Server can be a server that you host yourself or on Microsoft Exchange Online.

    Example

    • Self-hosted Exchange Server from Exchange 2010 onwards

      https://mailserver.mycompany.org/ews/Exchange.asmx

      Usually, the URL begins with the protocol https followed by the fully qualified server name and "/ews/Exchange.asmx " (Exchange 2010 or later).

    • Microsoft Exchange Online

      https://outlook.office365.com/ews/Exchange.asmx

  6. Click on "Next".

    The "New data source - Authentication" dialog will open.

    Select authentication type

    Type of authentication

    User name / Password

    With this option, the user name and password that you use for login to Windows will be used in Intrexx to log on to Exchange. The login data can either be queried session-based and must then be entered by the users every time they log on to the portal again, or you can enter the data in encrypted format on the MediaGateway in order to avoid needing to renew logins. In this case, a connection will be created by Intrexx between the logged-in Intrexx user and the saved login information for the Exchange server.

    OAuth2 (only with Office 365)

    Authentication from Intrexx to Microsoft Exchange Online can take place via OAuth2.

    If you choose this option, you will have to perform a number of steps within Intrexx and also some steps outside of Intrexx, especially in Microsoft Azure.

    A detailed description of how to authenticate for Microsoft Exchange Online using OAuth2 is found in the following section: Add a Microsoft Exchange data source (OAuth2)

    Kerberos

    Kerberos will determine the login information according to the current Windows user and will log in automatically log. Please note the following basic requirements for successful authentication with Kerberos:

    • The Intrexx portal needs to operate with integrated authentication.

    • The users in your Active Directory must be correspondingly entered to Intrexx. Users can also be imported with ease. Please ensure that at least one user is contained in the Administrators group, so that you can continue to administrate the system.

    • The server on which the MediaGateway is installed requires the group permission "Delegation".

    • All clients and servers must be members of the same domain.

    • In Internet Explorer, the security settings for the zone to be used during user authentication must be set to "Automatic login with current user name and password". Additionally, the option for "Enable Integrated Windows authentication" must be selected in the advanced settings.

    • With Kerberos authentication, you have true single sign on for your users' access to the Exchange server and use the integrated Windows authentication.

    If a user cannot be authenticated, the session-based login will automatically be activated.

    Service Principal Name

    For successful authentication, the entry of a so-called Service Principal Name (SPN) is required. The SPN contains the information about the service for whom a Kerberos ticket should be created. This ticket will be required for the MediaGateway server. The dialog will suggest a SPN to you, but in practice, it may need to be adjusted, depending on your system environment. The SPN will usually be made up of the following components: host/<Computer DNS Name>@<KERBEROS_REALM> Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com) KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM) The SPN would, therefore, read as follows with the sample data: host/mycomputer.mycompany.com@MYCOMPANY.COM

    Access data for the Exchange server

    The login of an Intrexx user to the Exchange server takes place via a login box that will be shown when an Intrexx Exchange application is called up in the portal.

    The Kerberos authentication only works if the requesting client uses the fully qualified Name in the server URL which is entered in the login box and not the IP of the Exchange servers. The request of a portal on client systems depends on the configuration of your DNS server and has to be executed via one of the following URLs:

    • https://12.34.56.78/exampleportal

    • https://intrexxserver.example.org/exampleportal

    • https://intrexxserver/exampleportal

    Please ask your system administrator for more information about this.


    In the configuration of the access data for the Exchange server, you can define whether specific data should be automatically entered to the login box, like the domain, or if data should be taken from the User Manager, such as the user name, or which data must be manually entered by the user to the login box in Intrexx Exchange applications.

    Exchange user name / Email address / Domain / Server (URL)

    In each case, opens a dialog where you can define the source for the user name, email address, domain and server URL for logging in to the Exchange server.

    Query login data session-based on the web

    If this setting is not activated, all login information from the login box will be saved as user account in the MediaGateway as soon as the user logs on for the first time with the Intrexx Exchange application. If this login was successful, the corresponding account information will be saved, encrypted with RSA, to the MediaGateway. The next time the Intrexx portal is visited, the login will not be required, as long as the connection to the Exchange server can be established. Next, the login box will then only be shown again when changes to the access data of the user come about, i.e. when, for example, the value of a relevant field in the User Manager has changed. If the setting is set for "Login data in web is session-based", the information will be queried for each session and no account will be created on the MediaGateway. The login box will thereafter always be shown the first time an Intrexx user opens an Exchange application in the portal.

    An Intrexx portal user can only access the information on the Exchange server for which they have been provided permission by the Exchange Server.

    Administration

    Overview of known users

    Opens a dialog which contains a list of the users in the MediaGateway. This link is clickable if MediaGateway accounts have already been created because users have logged in.

  7. Click on "Next".

    The "New data source - Additional users" dialog will open.

    Add additional users

    In several use cases, it can be necessary to access various mailboxes with one specific account, such as to present appointments from various Exchange calendars together in one Intrexx calendar. For this purpose, a mailbox can be created on the Exchange server, which receives permissions to the required Exchange calendars. The sharing of the respective calendars must be set in Microsoft Outlook by the users themselves. Here, an assignment of an Intrexx user for an Exchange mailbox can be defined and then defined as a static user in applications and processes. The use of these static users can be a good idea for applications where an overview of a series of appointments from various users is to be presented. In this way, each user does not have to provide every other user with permission for their calendar. In a process, a User switch action can be defined. In this case, all subsequent actions will take place in the role of the defined user. The process can then, for example, search in the mailboxes to which it has access for appointments with specific characteristics and create or change appointments.

    Add

    Opens a dialog where a user can be assigned.

    Edit

    Opens a dialog where the currently selected user can be edited.

    Delete

    Removes a user from the list.

    Manage access to shared items

    Opens a dialog where access permissions to Exchange elements can be edited.

  8. Click on "Next".

    The "New data source - Connection test" dialog will open.

    Test connection

    Test connection to Administrator account

    Click on this link to test the connection to the Administrator account. If the connection cannot be established successfully, first check the following points:

    • MediaGateway not installed

    • MediaGateway service has not been started

    • Incorrect host and/or IP address

    • Password incorrect (the default password is 1234)

    • Firewall settings (port 8087 blocked)

    Test connection to Exchange account / Test connection to additional Exchange users

    Click on this link to test the connection to the Exchange account / to additional Exchange users. If the connection cannot be established successfully, first check the following points:

    • Mailbox does not exist

    • Invalid login information

    • Mailbox has not yet been initialized on the Exchange server (after creating a mailbox, one must log in at least once with Outlook)

    • Outlook Web Access is not reachable (speak to your Exchange administrator)

    Click here for more information.

  9. Click on "OK".

    A security notice may be displayed prompting you to change the password for the MediaGateway. Follow this prompt if you are still using the default password that the MediaGateway was installed with.

    You have added a Microsoft Exchange data source.