Create a key vault for the Exchange Online Microservice

The Exchange Online microservice requires a key vault configured with an access policy that grants key and secret permissions to an assigned application. In this procedure, those permissions are granted to the system-assigned managed identity of the Exchange Online App Service that hosts the microservice, and the secrets the microservice needs are exposed to the App Service as Key Vault references in its application settings.

Create the key vault and access policy

  1. In Azure, create a Key vault if you do not already have one that you want to use for this purpose.

  2. Navigate to the Key vault blade for the appropriate Key vault.

  3. On the navbar for the Key vault, under Settings, click Access Policies.

  4. Click + Add Access Policy.

  5. Click the Key Permissions drop-down and select the Get, Decrypt, Unwrap Key, and Verify operations.

  6. Click the Secret permissions drop-down and select the Get and List operations.

  7. Under Select principal, click None Selected.

  8. Search for and select the Managed Identity for the Exchange Online App Service. The Managed Identity you select must be the System Assigned Managed Identity you assigned in Step 12 of Configure Exchange Online App Service Authentication.

  9. Click Select to select the principal.

  10. On the Add access policy blade, click Add.

  11. On the navbar for the Key Vault, under Settings, click Secrets.

  12. On the Secrets page, click Generate/Import.

  13. On the Create a secret blade, do the following to create the first secret:

    1. Name – Enter EIDExchangeAdminUser.

    2. Value – Enter the value in username:password format, for example eiduser@<YourAzureTenant>:TestPass123.

      The user entered here must have the Exchange Admin role assigned in Azure. EmpowerID uses this identity to authenticate to Exchange Online PowerShell.

    3. Click Create.

  14. Back on the Secrets blade, click Generate/Import again.

  15. On the Create a secret blade, do the following to create the second secret:

    1. Name – Enter EIDExchangeUserPassword.

    2. Value – Enter the value in username:password format, for example eiduser@<YourAzureTenant>:TestPass123.

    3. Click Create.

  16. Back on the Secrets blade, click the record for the Exchange Admin User secret.

  17. Click the Current Version to go to the Properties blade for the secret.

  18. On the Properties blade, copy the Secret Identifier. You will use this value later.

  19. Return to the Secrets blade and repeat steps 16 through 18 for the Exchange User Password secret.

  20. Navigate to the Exchange Online App Service you created earlier.

  21. On the navbar for the App Service, under Settings, click Configuration.

  22. Under Application settings, click New application setting.

  23. In the Add/Edit application setting pane, do the following:

    1. Name – Enter the name you gave to the first secret.

    2. Value – Enter @Microsoft.KeyVault(SecretUri={The_Secret_Identifier_For_The_Exchange_Admin_Secret}), replacing {The_Secret_Identifier_For_The_Exchange_Admin_Secret} with the actual Secret Identifier for the secret.

    3. Click OK.

  24. Back in the Application settings tab of the Configuration blade, click New application setting.

  25. In the Add/Edit application setting pane, do the following:

    1. Name – Enter the name you gave to the second secret.

    2. Value – Enter @Microsoft.KeyVault(SecretUri={The_Secret_Identifier_For_The_Exchange_User_Password_Secret}), replacing {The_Secret_Identifier_For_The_Exchange_User_Password_Secret} with the actual Secret Identifier for the secret.

    3. Click OK.

  26. Click Save on the Configuration blade.

  27. Click Continue to confirm that you want to save changes.
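The following Python helpers are an added example, not EmpowerID's code and not part of the original page. They cover the three places in this procedure where a typo silently breaks the setup: the Secret Identifier copied in step 18 must be a Key Vault secret URL, the Key Vault reference entered in steps 23 and 25 must wrap that URL exactly, and the username:password secret must split correctly even when the password contains a colon. The access-policy check compares a policy entry (shape as returned by `az keyvault show`) against the permission lists from steps 5 and 6; the vault name, object ID and policy content are constructed sample data.

```python
import re

# Minimum permissions the guide grants (names as the az CLI reports them).
REQUIRED_KEY_PERMS = {"get", "decrypt", "unwrapKey", "verify"}
REQUIRED_SECRET_PERMS = {"get", "list"}

# Shape of the Secret Identifier shown on the secret's Properties blade:
# https://<vault>.vault.azure.net/secrets/<name>/<32-hex version>
SECRET_ID_RE = re.compile(
    r"^https://[a-zA-Z0-9-]+\.vault\.azure\.net/secrets/[a-zA-Z0-9-]+(?:/[0-9a-f]{32})?$"
)


def is_secret_identifier(value: str) -> bool:
    """True only for a well-formed Key Vault secret URL (rejects foreign hosts, key/cert URLs)."""
    return SECRET_ID_RE.match(value) is not None


def kv_reference(secret_identifier: str) -> str:
    """Build the App Service application-setting value for steps 23 and 25."""
    if not is_secret_identifier(secret_identifier):
        raise ValueError(f"not a Key Vault secret identifier: {secret_identifier!r}")
    return f"@Microsoft.KeyVault(SecretUri={secret_identifier})"


def parse_admin_secret(value: str) -> tuple:
    """Split username:password on the FIRST colon so the password may itself contain ':'."""
    user, sep, password = value.partition(":")
    if not sep or not user or not password:
        raise ValueError("secret must be in username:password format")
    if "<YourAzureTenant>" in user:  # the guide's placeholder was never replaced
        raise ValueError("placeholder tenant left in username")
    return user, password


def policy_excess(policy: dict) -> dict:
    """Permissions beyond the guide's minimum; all-empty lists mean least privilege holds."""
    perms = policy["permissions"]
    return {
        "keys": sorted(set(perms.get("keys", [])) - REQUIRED_KEY_PERMS),
        "secrets": sorted(set(perms.get("secrets", [])) - REQUIRED_SECRET_PERMS),
        "certificates": sorted(perms.get("certificates", [])),
    }


# Constructed sample: one accessPolicies entry with a stray "delete" key permission.
SAMPLE_POLICY = {
    "objectId": "00000000-0000-0000-0000-000000000000",  # placeholder managed identity ID
    "permissions": {"keys": ["get", "decrypt", "unwrapKey", "verify", "delete"],
                    "secrets": ["get", "list"], "certificates": []},
}
```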