How to configure mailbox access using EWS application-only connection¶

For users of the Email Sidebar on:

4 min read

Note

The privacy and security of data access and handling during RG Email Sidebar deployment are guaranteed by the applicable Revenue Grid policies.

Introduction¶

This guide provides step-by-step instructions for configuring the RG Email Sidebar and Sync Engine to access your users’ corporate mail server using application-only (app-only) access for Exchange Web Services (EWS).

App-only access uses an application’s identity to connect securely to Microsoft 365 or Exchange resources without relying on individual user credentials. It ensures enhanced security, scalability, and simplified management for administrators.

EWS app-only access is ideal for organizations that rely on Exchange-specific features like email, calendars, and contacts. If your organization needs broader integration with Microsoft 365 services, such as SharePoint or Teams, consider configuring MS Graph app-only access.

This guide is for administrators setting up the mailbox connection for RG Email Sidebar and Sync Engine for the first time. For migration steps, refer to Migration from delegated to application-only access for Exchange Web Services (EWS).

Prerequisites¶

Before configuring mailbox access via an EWS application-only connection, ensure the following:

Microsoft Entra admin access: Administrative rights to the Microsoft Entra admin center (formerly Azure AD portal) to register and grant the RG application permissions.
RG admin panel access: Platform administrator or profile administrator rights to configure the RG admin panel.

Configuration¶

To configure mailbox access using an EWS app-only connection:

Create RG profile¶

Log in to the RGES Admin Panel using your admin credentials.
Go to the Profiles tab.
In the upper-right corner, click Create Profile.
Enter the Name and External ID, then click Save.

Important

Once saved, the External ID becomes read-only and cannot be changed.

A notification confirms successful profile creation, and the profile details page will open.

Set profile’s mailbox access type¶

In the profile, go to the Connectivity subtab.
In the Email configuration section, in the Mailbox access type menu, select Microsoft 365 OAuth (EWS API) - App-Only logon.
Click Connect account. This will open the Office 365 OAuth dialogue.
Enter your Microsoft 365 admin credentials to grant permissions for EWS app-only access.
In the permission authorization dialog, click Accept to complete the setup. If successful, the Email configuration section will display Connected.

Note

When permissions are granted, the RG application is automatically registered in your Microsoft 365 tenant. You can manage these permissions in the Microsoft Entra admin center. For more information, refer to Grant tenant-wide admin consent to an application.

Provision users¶

Go to the profile’s Details subtab.
In the Miscellaneous section, in the Email domains assigned to this Profile field, specify the users’ email domains.
Copy the Provisioning URL and share it with end users.
Users should follow the link and complete the steps in the Registration Wizard.

Users will be automatically assigned to the profile if their email domains match the ones specified in the Email domains assigned to this Profile field during registration.

Verify connectivity¶

Important

Be sure to complete this step. It is essential to finalize mailbox access configuration and ensure RG Email Sidebar and Sync Engine can access and sync users’ mailbox data.

In the profile, open the Connectivity subtab.
In the Email configuration section, click Check users’ impersonated access.

Once verified, all user accounts assigned to the profile are configured to use EWS app-only access. Connection statuses will be displayed for each user.

Troubleshooting¶

If mailbox authentication issues occur, ensure the connectivity verification step is completed. Follow the steps in the corresponding instructions. If issues persist, contact our support team.