How to Set Up Sync via Impersonation & Configure User Mailboxes¶
For users of the Email Sidebar on:
4 min read
Note
Although deploying the RG Email Sidebar and Sync Engine using EWS delegated access is still possible, we do not recommend this approach. According to the retirement of the ApplicationImpersonation RBAC role in Exchange Online, starting February 2025, delegated authentication for accounts with impersonation permissions will no longer be supported. To ensure long-term compatibility and security, we recommend using the EWS or MS Graph app-only access for impersonated connectivity.
MS Exchange / Office 365 Impersonation is used in scenarios when a single admin service account is used to access and manage many end-user accounts, view or adjust their settings, or perform various actions on these accounts’ behalf.
In the RGES setup context, impersonation allows the automatic activation of Revenue Grid synchronization for all relevant email accounts in an organization in bulk via an impersonating MS Exchange service account.
The impersonation service email account requires a dedicated MS Exchange / Office 365 mailbox license and does not require an additional RG Email Sidebar license.
While impersonation requires performing a sequence of configuration steps on the Exchange server side by the local admin (documented in detail in this article), it has the following benefits:
- There is no need for every RGES user to enter one’s Exchange/Office 365 mailbox credentials on RG Email Sidebar setup. Instead, multiple users’ credentials are set up once by the local admin.
- The end-users don’t need to go to RG Email Sidebar settings and update the access password after the mailbox password change.
- Mailbox connectivity is established and monitored entirely by the admin, removing any associated actions from the end-users.
Tip
To check whether an impersonation service account was configured correctly, open this Microsoft connectivity tests page and run the test Service Account Access (Developers), as described in this article.
If an impersonating service account is used for Revenue Grid Sync users authorization, the service account must have a mailbox and a license assigned to it. If the service account does not have a mailbox or license assigned, rooms and other resources will not be retrieved in RG Email Sidebar via EWS.
Setting up RGES Sync for multiple users via Exchange/Office 365 Impersonated Access¶
-
Open MS Exchange or Office 365 admin center. Refer to the following articles to learn how to do that:
-
Create an MS Exchange/Office 356 service account and assign it impersonation permissions using the following step-by-step guides:
-
Set up a profile containing all relevant user mail accounts:
- Log in to the RG Email Sidebar admin panel (the Revenue Grid support team provides you with the admin credentials).
- Create a profile in the RGES admin panel (optional - for customers not fully provisioned by the Revenue Grid CSM team).
- Add all relevant user accounts to the created profile (optional - for customers not fully provisioned by the Revenue Grid CSM team).
-
Configure a RGES Sync access to users’ mailboxes:
Service account authorization via MS Exchange¶
- Go to the Profiles tab, select the required profile from the list, and open the Connectivity subtab.
- In the Email configuration widget, in the Mailbox Access Type picklist, select Microsoft Exchange basic authorization (EWS API) - Impersonated logon.
- In the Account Logon field, enter the Impersonating account’s name (email address).
- In the Password field, enter the Impersonating account’s password.
- In the Exchange Web Services (EWS) URL field, enter the EWS URL used for your MS Exchange.
- Click Save to apply the changes.
Now, the RG Email Sidebar is authorized to access the mailbox data of all users configured under the impersonating service account.
Service account authorization via Office 365 OAuth¶
Important
This method is the only way to authorize an Exchange impersonation service account for Office 365 mailboxes since Microsoft removed the old impersonated access authorization method with login and password credentials in 2021.
- Go to the Profiles tab, select the required profile from the list, and open the Connectivity subtab.
- In the Email configuration widget, in the Mailbox Access Type picklist, select Microsoft 365 OAuth Logon (EWS API) - Impersonated logon.
- Click Connect account.
- In the dialog that appears, enter the Impersonating account’s login credentials and click Sign In.
Now, the RG Email Sidebar is authorized to access the mailbox data of all users configured under the impersonating service account.