!! Only relevant when using EWS API

This guide will show you how to create an Azure application for Exchange, user import and SSO integration, so you only need one application instead of one for each.

If you only want to setup an Exchange integration, please see this guide instead oAuth for Planner, or how to set up Exchange integration for Office 365 / Exchange online

You will need administrator rights in Planner and Azure Active Directory. This guide uses the demo site https://guidedemo.tryingplanner.com/ as an example, please remember to use your own Planner link instead.

Note, this is essential for Single sign on, but if you don't need single sign on, you can skip this chapter and chapter "Set Application ID URI"

Login to your azure at https://portal.azure.com/

Scroll down and click "Custom domain names"

Click "+Add custom domain"

Type in your link. The link needs to be based on your Planner url. In the picture I used guidedemo.tryingplanner.com but your link should be [customername].pronestor.com where [customername] is replaced with your customername.

Click "Add domain"

Then you get your Destination or points to address. Please copy it since you need to send it to [email protected] for verification.

Login to your azure at https://portal.azure.com/

Click "App Registrations"

Click "+New registration"

Give the Application a name and choose single tenant and click register

Click "Add a Redirect URI"

Click "+Add a platform"

Click "Web"

Now you need to add a link. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.

Then click "Configure"

Click "Add URI"

Here we add another URL that you need to build. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/RedeemAuthorizationCode but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/RedeemAuthorizationCode where [customername] is replaced with your customername.

Then click "Save"

Click "Add an Application ID URI"

Click "Set"

The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.

Fill in the link and click "Save"

These rights are used by the user import to read your groups and users properly.

Click "Add a permission"

Click "APIs my organization uses"

Click "Office 365 Exchange Online"

Click "Select"

Choose "Application permissions"

API Permissions → Add a permission → Exchange → full_access_as_app

This right lets the application connect with Exchange

See our guide that includes advice on your ad groups. https://helpdesk.pronestor.com/hc/en-us/articles/360035378312-Azure-Active-Directory-integration

This should be done AFTER you have imported users, or you won't be able to login.

Send an email to [email protected] with:

Then the Helpdesk will enable it.

Open your Planner site

Go to Administration -> Settings

Click Exchange - note if you don't have exchange as an option, please contact [email protected] to get Exchange enabled

Click "Exchange online"

Click "Use OAuth"

Fill out Application ID and Directory id

Fill in a default booker. This user is used as the host if the host in Exchange doesn't exist in Planner. We recommend using a system user and not a real user for this fallback mechanism.

Click "Save"

Click "Create new certificate"

This will download a certificate that needs to be added to your Azure application to authorize communication between Planner and Exchange.

Open Azure and find your application

Click "Certificate & secrets"

Click "Upload certificate" and find the downloaded file.

Click "Add"

You're done in Azure, return to Planner

Click "Test connection"

If the little text up here changes to "OK" and that means it is configured correctly.

The AADSTS700016 Error:

This following error is generated because there is missing an Application URL ID.

Which need to be set under the app registration - Expose an API as shown in the video below.

The URL ID you need to set is:

But instead of [booking], you need to type in your site name

Example:

The Import From Azure Error:

The following Error is generated by a faulty Client Secret.

The following error shows when doing an import:

"Microsoft.Identity.Client.MsalServiceException: 401: Unauthorized - invalid_client. at PronestorWebAdmin.MsGraph.MsGraphAuthenticator.HandleMsalServiceException(MsalServiceException)"

the Error is resolved by going to your Pronestor app registration - Certificates & Secrets

and then renewing and setting a new Client Secret as shown in the video below.

The Error 500 when accessing "My settings"

When ever a user tries to go to the tab "My settings" they are the met with an "Error 500" page.

It is caused by either a missing or incorrect URL setting in the App registrations - Authentication section.

It can be fixed be setting the URL

Here you have to remember that [booking] needs to be changed into your own site name

Example:

Failed to update Application ID URI application property error

This means the Client id or url is incorrect. Please doublecheck that it is filled out according to the guide