2978862 - Interview Scheduling Outlook Integration Using Modern Authentication - Recruiting Management

This article provides the information on the setting up Recruiting Management's Outlook Integration with Modern Authentication with Microsoft. Prior to Second half 2020 release, Interview Scheduling with Outlook Integration (ISOI) only supports Basic Authentication as it primarily uses Exchange Web Services.

As of 2H 2020 release, Interview Scheduling Outlook Integration now supports integration with Microsoft Exchange Online and Microsoft Office 365 using Modern Authentication. Exchange Online supports this integration with or without multifactor authentication enabled. 

As of October 2022, Microsoft fully disabled Basic Authentication and Basic Authentication is henceforth no longer Supported by SuccessFactors. 

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

SAP SuccessFactors Recruiting Management

Before enabling Exchange online and to know the pre-requisites, please review these links below:

Technical Details for Interview Scheduling Outlook Integration Using Modern Authentication 
Integrating Interview Scheduling with Microsoft Office Outlook Using Modern Authentication 

NOTE: There are two types of authentication available for service principals: password-based authentication (application secret) and certificate-based authentication.  As of 2H 2020 release, Interview scheduling with Outlook Integration that uses Modern Authentication only supports password-based authentication which is through creating a new application secret.

Steps for Integration:

1. Access Setup Page:

   • Login and navigate to "Set Up Interview Scheduling Outlook Integration."
   • Select the 'Exchange Online' radio button.
     
     

2. Configuration Details:

   • Populate necessary details sourced from the Azure portal:
     • Application (Client) ID: Unique identifier assigned in Azure Active Directory.
     • Client Secret: Password for application authentication.
     • Directory (Tenant) ID: Globally unique identifier for your Azure directory.
     • Email ID: Email of the Service Account (e.g., Interview.Scheduling@customerdomain.com).
     • Azure AD Endpoint: Endpoint URL, typically https://login.microsoftonline.com.

3. Graph API Permissions:

   • Ensure admin consent for these permissions:
     • Delegated Permissions: Calendars.Read.Shared, Calendars.ReadWrite.Shared.
     • Application Permissions: Calendars.Read, Calendars.ReadWrite, Mail.ReadWrite, Mail.Send.
   • Confirm permissions apply to Graph API, not Exchange Online.

4. Verification and Finalization:

   • Click 'Verify' under Test Connection.
     
     
   • If successful, proceed to "Establish Outlook Integration for Interview Scheduling."
   • Save the configuration and confirm via the pop-up.

5. Security and Switching Considerations:

   • Exchange Web server (Basic Authentication) will be grayed out, indicating irreversible switch to Exchange Online.
   • Application permissions facilitate create, send, update, and delete meeting requests, and checking availability.
   • Use Microsoft's Permission Guide to understand permissions, ensuring secure application access via Azure portal configurations.
6. Click on Save button at the bottom of the page
7. Click on Ok on the Confirm pop up
   
8. After successfully saving the Exchange Online configuration, you can also see that Exchange Web server (Basic Authentication) is already been grayed out which means that we cannot revert back to Exchange Web server option after enabling Exchange Online:
   
   
   

Security Considerations:

Due to varying use cases that Interview Scheduling requires—involving creating, sending, updating, and deleting meeting requests along with checking the availability of the interviewers and organizers—the integration requires Application permissions for Calendars.Read and Calendars.ReadWrite. If customers want to read about these permissions and their respective use cases, The Microsoft Permission guide: https://docs.microsoft.com/en-us/graph/permissions-reference explains all these permissions in detail, ensuring that no user details can be accessed directly.

To control mailbox and calendar access of an app that has been granted the application permissions in question, it can be done from the Azure application portal side by creating dynamic groups and allowing mail-enabled or calendar-enabled security groups to restrict the app's access to individuals or groups. Refer: https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access. This can be done for each of these application permissions. Customers can go through this documentation provided from Microsoft to add any extra layer of security from their side.

NOTE: These configurations in the Azure portal regarding limiting application permissions to specific Exchange Online inboxes are outside of the scope of Support. SAP will not be able to assist with any issues related to these configurations as these are customizations done outside of SuccessFactors. When scheduling interviews, the availability will be pulled from your Outlook calendar and the invitations will be automatically sent as meeting requests to interviewers. Please note that appointments cannot currently be sent as private.

Microsoft Graph API Permissions Overview:

• Application Permissions: Granted to applications for operations on behalf of users without requiring individual consent.

  • Key Characteristics: Facilitate background operations, use secure tokens, and restrict access via mail-enabled security groups.
  • Use Cases: Automating availability checks, sending invites, updating responses, executing background jobs.

• Delegated Permissions: Require explicit user consent for access to calendar and mail data.

  • Key Characteristics: User consent is mandatory, increasing complexity when not all users approve.
  • Use Cases: Real-time actions and manual scheduling changes.

Preferred Permissions and Limitations:

Application Permissions provide centralized, secure user calendar access, delivering seamless scheduling and management without user intervention. Delegated Permissions pose limitations due to the manual approval requirement, potentially blocking scheduling operations if consent isn't universally granted.

By following these steps and understanding the permissions, SAP SuccessFactors Interview Scheduling can be integrated securely and efficiently with Microsoft Outlook for improved productivity and streamlined operations.

2997844 - Error on Interview Scheduling with Outlook Integration using Modern Authentication - Recruiting Management

b2011, Outlook Integration, Basic Authentication, Modern Authentication, Exchange Online, Outlook Interview, Interview, Interview Scheduling, OAuth interview scheduling,  OAuth 2.0, Azure, RCM-70148, Recruiting Management, RCM , KBA , LOD-SF-RCM-IVW , Interview Central, Interviews, Scheduling etc , How To