Configuring Pexip Infinity for Exchange Scheduler
The Secure Scheduler for Exchange feature (previously known as VMR Scheduling for Exchange) allows you to create an add-in that enables Microsoft Outlook desktop and Pexip web app users in Office 365 or Exchange environments to quickly and easily add a Pexip VMR to their meeting invitations, enabling any meeting to be held over video.
This topic describes the configuration required on your Pexip Infinity deployment to support the Secure Scheduler for Exchange feature.
Prerequisites
- To enable single-use VMRs: you must first complete the steps in either Configuring Exchange on-premises for scheduling (for Exchange on-premises environments), or Configuring Office 365 for scheduling using app permissions (for Office 365 environments).
- To enable personal VMRs: you must first complete the steps in either Configuring AD FS SSO for personal VMRs or Configuring Azure SSO for personal VMRs.
Adding a Secure Scheduler for Exchange Integration to Pexip Infinity
A Secure Scheduler for Exchange Integration defines a specific connection between your Pexip Infinity deployment and a Microsoft Exchange deployment. In some cases a single Pexip Infinity deployment requires more than one Secure Scheduler for Exchange Integration.
Adding a new Secure Scheduler for Exchange Integration involves the following steps:
- deciding whether VMRs used by the Secure Scheduler for Exchange service will be the users' personal VMR(s), single-use (dynamic) VMRs, or both
- (for single-use VMRs) adding details of your Microsoft Exchange deployment and accounts, defining how the single-use VMRs are configured, and configuring the template to use for joining instructions
- (for personal VMRs) adding details of your authentication provider (ADFS or Azure), and defining how the join instructions and meeting location are generated from the existing personal VMR details
- configuring the wording and icon used by the add-in.
From the Pexip Infinity Management Node go to and select . Complete the following fields:
| Option | Description | Notes |
|---|---|---|
| Name | The name used to refer to this integration. | |
| Description | An optional description of this integration. | |
| Enable single-use VMRs | Enable this option to allow Outlook users to schedule meetings in single-use (randomly generated) VMRs. | |
| Enable personal VMRs | Enable this option to allow Outlook users to schedule meetings in their personal VMRs. | |
| Exchange server information (available and required when single-use VMRs are enabled) | ||
| EWS URL |
The URL used to connect to Exchange Web Services (EWS) on the Microsoft Exchange server.
|
|
| Authentication method |
The method used to authenticate to Exchange. For more information, see Enabling authentication.
|
|
| Basic authentication and NTLM authentication options | ||
| Service account username |
The username of the service account used by this integration. This is the username you assigned when Creating a service account for Exchange on-premises.
A single service account can be used by more than one Secure Scheduler for Exchange Integration. |
|
| Service account password |
The password of the service account used by this integration. This is the password you assigned when Creating a service account. |
|
| Kerberos authentication options | ||
| Service account username |
The username of the service account used by this integration. This is the username you assigned when Creating a service account for Exchange on-premises. For Kerberos, this is normally in the format name@REALM where REALM is your upper-case Kerberos realm. A single service account can be used by more than one Secure Scheduler for Exchange Integration. |
|
| Service account password |
The password of the service account used by this integration. This is the password you assigned when Creating a service account. |
|
| Kerberos realm | The Kerberos Realm, which is usually your Exchange domain in upper case. In most cases this should match the REALM part of the service account username. | |
| Kerberos Exchange SPN |
The Exchange Service Principal Name (SPN). If left blank, the hostname of the URL used to connect to Exchange is used as the SPN. You may need to configure this setting if the SPN(s) in your Exchange environment do not match the URL hostname used by Pexip Infinity to connect to Exchange. The format of the SPN is normally the protocol and hostname of the service separated by the @ character, for example HTTP@my-hostname.example.com. |
|
| Enable Kerberos KDC HTTPS proxy | If enabled, all communication to the Kerberos Key Distribution Center (KDC) will go through an HTTPS proxy and all traffic to the KDC will be encrypted using TLS. | |
| Kerberos KDC address |
(Available when Kerberos KDC HTTPS proxy has not been enabled) The address of the Kerberos Key Distribution Center (KDC). This is normally the FQDN of the KDC server, which is normally the Active Directory server. |
|
| Kerberos KDC HTTPS proxy URL |
(Available when Kerberos KDC HTTPS proxy has been enabled) The URL of the Kerberos Key Distribution Center (KDC) HTTPS proxy. This must begin with https:// and is typically in the format https://<KDC Proxy Server FQDN>/KdcProxy. |
|
| Verify KDC HTTPS proxy SSL certificate using custom CA |
(Available when Kerberos KDC HTTPS proxy has been enabled) Determines how the KDC HTTPS proxy SSL certificate is verified. Enabled: the certificate is verified using the configured Root Trust CA Certificates. Disabled: the certificate is verified using the system-wide default set of trusted certificates. |
|
| OAuth (Delegate access with a service account options | ||
| Service account username |
The username of the service account used by this integration. This is the username you assigned when Creating a service account for O365. For Office365 deployments, the format is usually name@domain. A single service account can be used by more than one Secure Scheduler for Exchange Integration. |
|
| OAuth client ID |
Enter the Application (client) ID that was generated for you by Azure when you saved the App Registration. For more information, see Configuring Office 365 for scheduling using a service account. |
|
| OAuth redirect URI |
Enter the Redirect URI that you used when Enabling OAuth authentication for Office 365. This must be in the format https://<Management Node Address>/admin/platform/msexchangeconnector/oauth_redirect/. The OAuth redirect URI is the page on the Administrator interface to which the Pexip Infinity administrator will be returned after they have successfully signed in to the service account. Because it is a page on the Management Node, this URI is internal to your deployment and only needs to be accessible from the administrator's web browser; you do not need to make it externally accessible. This URI must be the same on Azure and Pexip Infinity in order for Azure to validate the sign-in request. |
|
| OAuth authorization endpoint |
Enter the URL of the OAuth 2.0 authorization endpoint (v1) (see Taking note of configuration). Ensure that you use the URL for ... endpoint (v1), not ... endpoint (v2). |
|
| OAuth token endpoint |
Enter the URL of the OAuth 2.0 token endpoint (v1) (see Configuring Office 365 for scheduling using a service account) Ensure that you use the URL for ... endpoint (v1), not ... endpoint (v2). |
|
| OAuth (Application permission without a service account) options | ||
| OAuth client ID |
Enter the Application (client) ID that was generated for you by Azure when you saved the App Registration. For more information, see Taking note of configuration. |
|
| OAuth client secret | The string from the Value field of the client secret which you generated when creating a Microsoft Entra ID App Registration. | |
| OAuth token endpoint |
Enter the URL of the OAuth 2.0 token endpoint (v2) (see Taking note of configuration) Ensure that you use the URL for ... endpoint (v2), not ... endpoint (v1). |
|
| All authentication options | ||
| Mailbox name |
The name of the equipment resource used by this integration. This is the name you assigned when Creating an equipment resource in Exchange on-premises or Creating an equipment resource in O365. An equipment mailbox must only be used by a single Secure Scheduler for Exchange Integration. |
|
| Mailbox email address |
The email address of the equipment resource used by this integration. This is the email address you assigned when Creating an equipment resource in Exchange on-premises or Creating an equipment resource in O365. |
|
| Single-use VMR configuration (available and required when single-use VMRs are enabled) | ||
| Conference name template |
A jinja2 template that is used to generate the name of scheduled conferences. The name is used by the Management Node to identify the conference, and may also appear to conference participants (depending on the endpoint being used). Note that conference names must be unique, so a random number may be appended if the name that is generated is already in use by another service (Virtual Meeting Room, Virtual Auditorium, Virtual Reception, scheduled conference, Media Playback Service, or Test Call Service). Default: {{subject}} ({{organizer_name}}) |
Accepted variables:
|
| Conference description template |
A jinja2 template that is used to generate the description of scheduled conferences. Default: Scheduled Conference booked by {{organizer_email}} |
Accepted variables:
|
| Conference subject template |
A jinja2 template that is used to generate the subject field of scheduled conferences. This is shown on the Management Node when viewing information about the conference, and by default uses the subject line of the meeting invitation so the default should be deleted or amended if you do not want administrators to be able to view the meeting subject. Default: {{subject}} |
Accepted variables:
|
| Scheduled alias prefix |
The prefix to use when generating aliases for scheduled conferences. Note: this must be between 1 and 8 characters long. |
|
| Scheduled alias suffix length |
The length of the random number suffix part of aliases generated for scheduled conferences. This must be a number between 5 and 15. Default: 6. We recommend you use a long suffix for security purposes, and to ensure you have sufficient aliases for your deployment. For more information, see Management Node generates aliases and join instructions. |
|
| Scheduled alias domain | The domain to use when generating aliases for scheduled conferences. | |
| Identity Provider group |
The set of Identity Providers used to authenticate participants attempting to join scheduled conferences. If this is blank, participants are not required to authenticate. For more information, see About participant authentication. |
|
| Other participants |
(Available when an Identity Provider Group is selected) Determines whether participants joining a SSO-protected service from devices other than the web app (for example SIP or H.323 endpoints) are allowed to dial in to the service.
For more information, see About participant authentication. Default: Disallow all |
|
| Join before buffer |
The number of minutes before the meeting's scheduled start time that participants can join the VMR. Range: 0 to 180. Default: 30. |
|
| Join after buffer |
The number of minutes after the meeting's scheduled end time that participants can join the VMR. Range: 0 to 180. Default: 60. |
|
| Scheduled conference theme |
The theme used by all conferences scheduled using the add-in. For more information, see Customizing conference images and voice prompts using themes. Default: <use Default theme> (the global default theme is used). |
|
| Personal VMR configuration (available and required when personal VMRs are enabled) | ||
| Allow new users |
Enable this option to allow users who do not have an existing Pexip Infinity User record () to access the Outlook add-in. When these users sign in, Pexip Infinity will create a new user record for them. Disable this option to allow only those users with an existing User record to access the Outlook add-in. |
|
| Authentication provider | The method by which users sign into the Outlook add-in. | |
| User OAuth authorization URI |
The authorization URI of the OAuth application used to authenticate users when signing in to the Outlook add-in. Azure This is in the format https://login.microsoftonline.com/<UUID>/oauth2/v2.0/authorize
AD FS This is in the format https://<Federation Service Name>/adfs/oauth2/authorize
|
|
| User OAuth token URI |
The token URI of the OAuth application used to authenticate users when signing in to the Outlook add-in. Azure This is in the format https://login.microsoftonline.com/<UUID>/oauth2/v2.0/token
AD FS This is in the format https://<Federation Service Name>/adfs/oauth2/token
|
|
| User OAuth client ID |
The client ID of the OAuth application used to authenticate users when signing in to the Outlook add-in.
|
|
| AD FS Resource Identifier |
(Applies when an Auth Provider of AD FS is selected) The URL which identifies the OAuth 2.0 resource in AD FS.
|
|
| Azure OAuth client secret |
(Applies when an Auth Provider of Azure is selected) The string from the Value field of the client secret of the OAuth application used to authenticate users when signing in to the Outlook add-in. For more information, see Creating and configuring a new App Registration in Azure. |
|
| Personal VMR joining instructions template |
A jinja2 template that is used to generate the joining instructions that are added by Secure Scheduler for Exchange to the body of the meeting request when a personal VMR is used. For more details on constructing the URLs used for joining from a web browser, see Creating preconfigured links to launch conferences via Pexip apps. Default:
{% if domain_aliases %}
{% set alias = domain_aliases[0] %}
{% elif other_aliases %}
{% set alias = other_aliases[0] %}
{% else %}
{% set alias = numeric_aliases[0] %}
{% endif %}
{% if (not allow_guests) and pin %}
{% set meeting_pin = pin %}
{% elif allow_guests and guest_pin %}
{% set meeting_pin = guest_pin %}
{% else %}
{% set meeting_pin = "" %}
{% endif %}
<br>
<div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
<b>Please join my Pexip Virtual Meeting Room in one of the following ways:</b><br>
<br>
From a VC endpoint or a Skype/Lync client:<br>
{{alias}}<br>
<br>
From a web browser:<br>
<a href="https://{{addin_server_domain}}/webapp/#/?conference={{alias}}">https://{{addin_server_domain}}/webapp/#/?conference={{alias}}</a><br>
<br>
From a Pexip Infinity Connect client:<br>
pexip://{{alias}}<br>
<br>
{% if numeric_aliases %}
From a telephone:<br>
[Your number], then {{numeric_aliases[0]}} #<br>
<br>
{% endif %}
{% if meeting_pin %}
Please join using the PIN <b>{{meeting_pin}}</b><br>
<br>
{% endif %}
</div>
|
Accepted variables:
|
| Personal VMR location template |
A jinja2 template that is used to generate the text that is inserted into the Location field of the meeting request when a personal VMR is used. The output of this should be a single line of text. Default: {% if domain_aliases %}
{% set alias = domain_aliases[0] %}
{% elif other_aliases %}
{% set alias = other_aliases[0] %}
{% else %}
{% set alias = numeric_aliases[0] %}
{% endif %}
https://{{addin_server_domain}}/webapp/#/?conference={{alias}}
|
Accepted variables:
|
| Personal VMR name template |
A jinja2 template that is used to generate the name of the personal VMR, as it appears on the button offered to users when selecting which VMR to use. By default, this uses the Name configured for the user's personal VMR. We recommend that the output is a single line. Default: {{name}}
|
Accepted variables:
|
| Personal VMR description template |
A jinja2 template that is used to generate the text that appears when hovering over the button offered to users when selecting which VMR to use. By default this uses the Description configured for the user's personal VMR. Default: {{description}}
|
Accepted variables:
|
| Add-in configuration | ||
| Add-in server FQDN |
The FQDN of the reverse proxy or Conferencing Node (which can be either a Proxying Edge Node or Transcoding Conferencing Node) that provides the add-in content. This reverse proxy or Conferencing Node must:
Pexip's Reverse Proxy and TURN Server v3 and later supports the Secure Scheduler for Exchange feature; we recommend v5 for additional security. If you do not have a reverse proxy in your deployment, you can choose any Conferencing Node that meets the above criteria. |
|
| Add-in provider name |
The name of the organization which provides the add-in. Default: Pexip. |
|
| Add-in display name |
The display name of the add-in. Default: Pexip Scheduling Service. |
|
| Add-in description |
The description of the add-in. Maximum length: 250 characters. Default: Turns meetings into Pexip meetings. |
|
| Add-in group label |
The name of the group in which to place the add-in button on desktop clients. Default: Pexip Meeting. |
|
| Add-in button label |
The label for the add-in button on desktop clients. Default: Create a Pexip Meeting. |
|
| Add-in supertip title |
The title of the supertip help text for the add-in button on desktop clients. Default: Makes this a Pexip Meeting. |
|
| Add-in supertip text |
The text of the supertip for the add-in button on desktop clients. Default: Turns this meeting into an audio or video conference hosted in a Pexip VMR. The meeting is not scheduled until you select Send. |
|
| Add-in pane title |
The title of the add-in on the side pane. Default: Add a VMR. |
|
| Add-in pane description |
The description of the add-in on the side pane. Default: This assigns a Virtual Meeting Room for your meeting. |
|
| Add-in pane single-use VMR button label |
The label of the button on the side pane. Default: Add a Single-use VMR. |
|
| Add-in pane success heading |
The message that appears on the side pane when an alias has been obtained successfully from the Management Node. Default: Success. |
|
| Already video meeting heading |
The heading that appears on the side pane when the add-in is activated after an alias has already been obtained for the meeting. Default: VMR already assigned. |
|
| Unable to add joining instructions heading |
The heading that appears on the side pane when the Management Node cannot be contacted to obtain an alias. Default: Cannot assign a VMR right now. |
|
| General error heading |
The heading that appears on the side pane when an error occurs trying to add the joining instructions. Default: Error. |
|
| Success message |
The message that appears on the side pane when an alias has been obtained successfully from the Management Node. Default: This meeting is now set up to be hosted as an audio or video conference in a Virtual Meeting Room. Please note this conference is not scheduled until you select Send. |
|
| Already video meeting message |
The message that appears on the side pane when the add-in is activated after an alias has already been obtained for the meeting. Default: It looks like this meeting has already been set up to be hosted in a Virtual Meeting Room. If this is a new meeting, select Send to schedule the conference. |
|
| Unable to add joining instructions message |
The message that appears on the side pane when the Management Node cannot be contacted to obtain an alias. Maximum length: 250 characters. Default: Sorry, we are unable to assign a Virtual Meeting Room at this time. Select Send to schedule the meeting, and all attendees will be sent joining instructions later. |
|
| Error inserting single-use VMR message |
The message that appears on the side pane when an error occurs trying to add the joining instructions of a single-use VMR. Default: There was a problem adding the joining instructions. Please try again. |
|
| Add-in pane personal VMR button label |
The label of the button on the side pane used to add a personal VMR. Default: Add a Personal VMR |
|
| Add-in pane sign in button label |
The label of the button on the side pane requesting users to sign in to obtain the list of their personal VMRs. Default: Sign In |
|
| Select personal VMR message |
The message that appears on the side pane requesting users to select a personal VMR to use for the meeting. Default: Select the VMR you want to add to the meeting |
|
| No personal VMR message |
The message that appears on the side pane when the user has no personal VMRs. Default: You do not have any personal VMRs |
|
| Error getting personal VMRs message |
The message that appears on the side pane when an error occurs trying to obtain a list of the user's personal VMRs. Default: There was a problem getting your personal VMRs. Please try again. |
|
| Error signing in message |
The message that appears on the side pane when an error occurs trying to sign the user in. Default: There was a problem signing you in. Please try again. |
|
| Error inserting personal VMR meeting message |
The message that appears on the side pane when an error occurs trying to add the personal VMR details to the meeting. Default: There was a problem adding the joining instructions. Please try again. |
|
| Add-in image icon |
Select the image file to use as the add-in icon. Images must be in PNG file format and 80 x 80 pixels in size. Note that Outlook clients may cache the add-in icon, so it may be some time after uploading a new icon that it appears to end users. You can resolve this by deleting the cache. Default: |
|
| Single-use VMR email text (available and required when single-use VMRs are enabled; for more information, see Formatting the email text) | ||
| Single-use VMR joining instructions template |
A jinja2 template that is used to generate the joining instructions that are added by Secure Scheduler for Exchange to the body of the meeting request when a single-use VMR is used. Note that the {{alias_uuid}} variable, which inserts the PXPS: token, must be included. For examples of templates that use images and other formatting, see Example joining instructions for Secure Scheduler for Exchange. For more details on constructing the URLs used for joining from a web browser, see Creating preconfigured links to launch conferences via Pexip apps. Default: <br>
<div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
<b>Please join my Pexip Virtual Meeting Room in one of the following ways:</b><br>
<br>
From a VC endpoint or a Skype/Lync client:<br>
{{alias}}<br>
<br>
From a web browser:<br>
<a href="https://{{addin_server_domain}}/webapp/#/?conference={{alias}}">https://{{addin_server_domain}}/webapp/#/?conference={{alias}}</a><br>
<br>
From a Pexip Infinity Connect client:<br>
pexip://{{alias}}<br>
<br>
From a telephone:<br>
[Your number], then {{numeric_alias}} #<br>
<br>
{{alias_uuid}}<br>
</div>
|
Accepted variables:
|
| Placeholder instructions text |
The text that is added by Secure Scheduler for Exchange to email messages when the actual joining instructions cannot be obtained. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;"> This meeting will be hosted in a Virtual Meeting Room. Joining instructions will be<br> sent to you soon in a separate email.<br> </div> |
|
| Accept new single meeting template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has successfully scheduled a new single meeting. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
This meeting has been successfully scheduled using the aliases: {{alias}} and {{numeric_alias}}.<br>
</div>
|
Accepted variables:
|
| Accept edited single meeting template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has successfully scheduled an edited single meeting. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
This meeting has been successfully rescheduled using the aliases: {{alias}} and {{numeric_alias}}.<br>
</div>
|
Accepted variables:
|
| Accept new recurring meeting template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has successfully scheduled a new recurring meeting. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
This recurring meeting series has been successfully scheduled.<br>
All meetings in this series will use the aliases: {{alias}} and {{numeric_alias}}.<br>
</div>
|
Accepted variables:
|
| Accept edited occurrence template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has successfully scheduled an edited occurrence in a recurring series. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
This meeting occurrence in a recurring series has been successfully rescheduled using the aliases: {{alias}} and {{numeric_alias}}.<br>
</div>
|
Accepted variables:
|
| Accept edited recurring meeting template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has successfully scheduled an edited recurring meeting. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
This recurring meeting series has been successfully rescheduled.<br>
All meetings in this series will use the aliases: {{alias}} and {{numeric_alias}}.<br>
</div>
|
Accepted variables:
|
| Reject invalid alias ID text |
The text that is sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a meeting because the alias ID in the meeting email is invalid. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;"> This meeting request does not contain currently valid scheduling data, and therefore cannot be processed.<br> Please use the add-in to create a new meeting request, without editing any of the content that is inserted by the add-in.<br> If this issue continues, please contact your system administrator.<br> </div> |
|
| Reject alias conflict template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a meeting because the alias conflicts with an existing alias. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
We are unable to schedule this meeting because the alias: {{alias}} is already <br>
in use by another Pexip Virtual Meeting Room. Please try creating a new meeting.<br>
</div>
|
Accepted variable:
|
| Reject alias deleted text |
The text that is sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a meeting because the alias for this meeting has been deleted. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;"> We are unable to schedule this meeting because its alias has been deleted.<br> Please try creating a new meeting.<br> </div> |
|
| Reject recurring series in past text |
The text that is sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a recurring meeting because all instances occurred in the past. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;"> This recurring series cannot be scheduled because all<br> occurrences happen in the past.<br> </div> |
|
| Reject single meeting in past text |
The text that is sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a meeting because it occurred in the past. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;"> This meeting cannot be scheduled because it occurs in the past.<br> </div> |
|
| Reject general error template |
A jinja2 template that is used to produce the message sent to meeting organizers when Secure Scheduler for Exchange has failed to schedule a meeting because a general error has occurred. The {{correlation_id}} variable is a UUID which can be used to find more information from the administrator log. Default: <div style="font-size:11.0pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif;">
We are unable to schedule this meeting. Please try creating a new meeting.<br>
If this issue continues, please forward this message to your system administrator, including the following ID:<br>
CorrelationID="{{correlation_id}}".<br>
</div>
|
Accepted variable:
|
| Advanced options | ||
| Disable web proxy | Select this option to bypass the web proxy (where configured for the Management Node) for outbound requests sent from this integration. | |
| Enable add-in debug logs | Enable this option to view debug logs within the add-in side pane in the desktop and web Outlook client. Only do this as a temporary measure if you are experiencing issues deploying the add-in. Note that these logs will appear for all users of this add-in. | |
| Send Kerberos authorization in every request | When Kerberos authentication is used, enable this option to send a Kerberos Authorization header in every request to the Exchange server. You may need to do this if you use a Layer 7 load balancer in your Exchange environment. If this option is disabled, Persistent-Auth is used which means a Kerberos Authorization header is sent once per connection. | |
| Use custom add-in sources |
Enable this option to override the default locations from which the add-in JavaScript and CSS are served. This option is intended for use in fully air-gapped environments, where Outlook users will not have internet access and therefore these resources must be available locally. If you enable this option, you must host these files on your own internal server, and enter the URLs for each in the relevant fields below. For full instructions, see Configuring Exchange Scheduler in an air-gapped environment. |
|
| Office.js URL |
(Available if Use custom add-in sources is enabled) The URL of the Office.js JavaScript library on the local web server. |
|
| Microsoft Fabric CSS URL |
(Available if Use custom add-in sources is enabled) The URL of the Microsoft Fabric CSS on the local web server. |
|
| Microsoft Fabric Components CSS URL |
(Available if Use custom add-in sources is enabled) The URL of the Microsoft Fabric Components CSS on the local web server. |
|
| Additional add-in script sources |
(Available if Use custom add-in sources is enabled) Optionally specify additional URLs on the local web server from which to download JavaScript script files. These URLs are used in preference to any other URLs specified elsewhere for the same resource. In particular, we recommend that you specify here the URL for MicrosoftAjax.js. Each URL must be entered on a separate line. |
|
| Exchange Metadata Domains and URLs | ||
| Domain or URL |
(Required for single-use VMRs and personal VMRs) An FQDN or URL which can be used to access a page containing the Exchange Metadata for your Exchange deployment. This page provides the public key of the Microsoft Exchange Server Auth Certificate used by the add-in to verify user identities. If a FQDN is supplied, the default URL path https://<FQDN>/autodiscover/metadata/json/1 is used. This URL must be reachable by the management node. If you have a hybrid Exchange and Office 365 deployment, you must include outlook.office365.com in the list of domains as well as the domain of one of your Exchange on-premises servers. If your Exchange deployment uses more than one domain or URL (for example, if you have an on-premises Microsoft Exchange deployment with more than one Microsoft Exchange server, or your Exchange server has more than one FQDN), and they use separate signing certificates, you must include all the FQDNs of all the Exchange servers in your deployment. To do this, select and add the FQDN of each. |
|
|
|
||
Signing in to the service account
If you have enabled OAuth for the first time, you must sign in to the service account after saving the configuration of the Secure Scheduler for Exchange Integration.
You may also need to re-sign in to the service account if:
- the service account password has changed
- the service account uses multi-factor authentication (MFA) and the MFA is refreshed
- you disable and then subsequently re-enable OAuth
-
you update any of the following configuration for the Secure Scheduler for Exchange Integration:
- Service account username
- OAuth client ID
- OAuth token endpoint
- the Management Node has been offline for more than 90 days.
To sign in to the service account:
- Ensure you have signed out of all Microsoft accounts on your device, including the Microsoft Azure portal.
-
From the Management Node, go to and select the integration. At the bottom of the page, select .
You are taken to the Sign in to service account page.
- Copy the Sign in link and paste it into a new browser tab.
-
Sign in as the service account.
You are asked to permit the scheduling application registration to sign in as the service account:
If there is an option to Consent on behalf of your organization, do not select this — consent only needs to be given to the service account.
-
Select .
You are returned to the Management Node.
-
You may be asked to sign in to the Management Node again. If so, you must sign in to the Management Node (using your Management Node credentials) to complete the process of signing in to the service account.
When complete, you are returned to the Sign in to service account page and see the message Successfully signed in.
Saving and checking configuration
When you have finished, select . You are taken back to the main page. The Pexip Infinity platform will attempt to contact the Microsoft Exchange deployment, and if there are any issues, it will raise an alarm on the Management Node.
Formatting the email text
All the templates and text specified in the Email text section can be entered as HTML. This allows you to customize the text (for example, the font, size, and color). When using HTML, you must ensure all HTML tags are closed properly, otherwise you may affect the format of any existing text in the email body.
The add-in pane headings and text can also be formatted using HTML, although some formatting may be overridden by the base HTML. We recommend that you check that any formatting applied to add-ins appears as expected in all clients used in your environment.
Working with jinja2 templates
Secure Scheduler for Exchange uses a subset of the jinja2 templating language to create the text used in emails.
For more reference information and to see where else jinja2 templates are used within Pexip Infinity, see Jinja2 templates and filters.
This section lists the variables that can be used when creating templates, followed by some examples.
Variables
The following variables can be used when creating the jinja2 templates used for Secure Scheduler for Exchange. Note that not all variables can be used in all templates; see the descriptions of each template in Single-use VMR configuration, Personal VMR configuration and Single-use VMR email text for a list of which variables can be used in each template.
| Variable | Description |
|---|---|
| Valid for Single-use VMRs | |
| {{addin_server_domain}} |
Inserts the FQDN configured in the Add-in server FQDN field. This FQDN is used by Pexip apps as part of the address to use when connecting to the meeting. |
| {{alias}} |
Inserts the full alias that was generated for the VMR used for this meeting. This is in the format: <prefix><random_number>@domain. |
| {{alias_uuid}} |
Inserts the PXPS:- ID. For more information, see PXPS:- and TOK:- security tags. The Single-use VMR joining instructions template must contain this variable. |
| {{correlation_id}} |
Used in the Reject general error template only Inserts a UUID which can be used to find more information about the error from the administrator log. |
| {{end_time}} |
Inserts the end time of the meeting, as per the meeting request. (This time does not include the Join after buffer.) Note that this uses the format hh:mm on DD/MM/YYYY, e.g. 15:30 on 31/07/2017; this format cannot be changed. |
| {{numeric_alias}} |
Inserts the numeric part of the alias that was generated for the VMR used for this meeting. This is in the format: <prefix><random_number>. |
| {{organizer_email}} |
Inserts the email address of the meeting organizer. |
| {{organizer_name}} |
Inserts the name of the meeting organizer, as it appears in the meeting invitation. |
| {{start_time}} |
Inserts the start time of the meeting, as per the meeting request. (This time does not include the Join before buffer.) Note that this uses the format hh:mm on DD/MM/YYYY, e.g. 15:30 on 31/07/2017; this format cannot be changed. |
| {{subject}} |
Inserts the subject line of the meeting invitation sent by the meeting organizer. Note that this information is visible to anyone with access to the Management Node, so do not use this variable if privacy is an issue. |
| Valid for Personal VMRs | |
| {{addin_server_domain}} |
Inserts the FQDN configured in the Add-in server FQDN field. This FQDN is used by Pexip apps as part of the address to use when connecting to the meeting. |
| {{aliases}} | Provides access to a jinja2 list object which contains all aliases configured for the personal VMR. You can then access any particular alias by using a list index. See the Personal VMR joining instructions template for example usage. |
| {{allow_guests}} | Returns true or false, which can then be used in an if statement. See the Personal VMR joining instructions template for example usage. |
| {{description}} | Inserts the configured Description of the personal VMR. |
| {{domain_aliases}} | Provides access to a jinja2 list object which contains all aliases configured for this personal VMR that include the @ character followed by a domain. You can then access any one of these aliases by using a list index. See the Personal VMR joining instructions template for example usage. |
| {{guest_pin}} | Inserts the configured Guest PIN of the personal VMR. |
| {{name}} | Inserts the configured Name of the personal VMR. |
| {{numeric_aliases}} | Provides access to a jinja2 list object which contains all aliases configured for this personal VMR that include only digits. You can then access any one of these aliases by using a list index. See the Personal VMR joining instructions template for example usage. |
| {{other_aliases}} | Provides access to a jinja2 list object which contains all aliases configured for this personal VMR that do not include either the @ character followed by a domain, or only digits. You can then access any one of these aliases by using a list index. See the Personal VMR joining instructions template for example usage. |
| {{owners_email}} | Inserts the configured Owner's email address of the personal VMR. |
| {{pin}} | Inserts the configured Host PIN of the personal VMR. |
| {{service_type}} | Inserts a string to indicate whether the personal VMR is a "conference" (Virtual Meeting Room), "lecture" (Virtual Auditorium), or "two_stage_dialing" (Virtual Reception). |
|
|
|
Examples
Hiding the meeting subject
By default, the meeting subject is saved to the corresponding scheduled VMR's Name and Subject field. These will be visible to administrators from the Management Node Administrator interface when Managing Exchange Scheduler conferences. The meeting name is also shown to participants accessing the scheduled conference from a Virtual Reception.
If you do not want the subject to be visible, you must change the Conference name template and Conference subject template fields on the associated Secure Scheduler for Exchange Integration.
For example, to replace the meeting subject with the organizer's name for any meetings that have the word "Confidential" in the subject, use the following values:
Conference name template:
{% if "confidential" in subject.lower() %}
Confidential Meeting - ({{organizer_name}})
{% else %}
{{subject}} - ({{organizer_name}})
{% endif %}
Conference subject template:
{% if "confidential" in subject.lower() %}
Confidential Meeting - ({{organizer_name}})
{% else %}
{{subject}}
{% endif %}
In the above example, if Alice Jones scheduled a meeting with the subject Merger discussions - Confidential, this would appear in the Management Node Administrator interface as Confidential Meeting - Alice Jones.
Deleting and replacing Secure Scheduler for Exchange Integrations
If you delete an existing Secure Scheduler for Exchange Integration and replace it with another, you must also re-generate and re-install the add-in XML file, even if the configuration of the new integration is identical to that of the old one.
Using multiple Secure Scheduler for Exchange Integrations
Different groups of users within the same Microsoft Exchange deployment
You can provide different groups of users within your Microsoft Exchange deployment with different options when using the Secure Scheduler for Exchange feature. For example, you may wish to vary the prefix used as part of the VMR alias, or use different text for the joining instructions. To do this, create multiple Secure Scheduler for Exchange Integrations that connect to the same Exchange environment. (Note however that each integration must have a separate equipment resource.)
Each integration that you create has an associated add-in which you can then make available to specific users by using Exchange PowerShell commands.
The diagram below shows a single Pexip Infinity deployment with two Secure Scheduler for Exchange Integrations to the same Microsoft Exchange deployment. Each integration uses the same EWS URL and is configured with the FQDNs of all the Exchange servers in the Exchange deployment.
The first connection provides an add-in for sales staff; the second provides an add-in for development staff. Both add-ins are uploaded to Microsoft Exchange, but each user only sees the add-in relevant to their group.
Different Microsoft Exchange deployments
If you are a service provider, you can configure one or more Secure Scheduler for Exchange Integrations for each of your customers.
The diagram below shows a single Pexip Infinity deployment with two integrations to two different Microsoft Exchange deployments. The first connection provides an add-in for everyone at Example Corp; the second provides an add-in everyone at Acme Corp.
Next step
- Making the add-in available to users within your Exchange deployment.