2978862 - Interview Scheduling Outlook Integration Using Modern Authentication - Recruiting Management

This article provides the information on the setting up Recruiting Management's Outlook Integration with Modern Authentication with Microsoft. Prior to Second half 2020 release, Interview Scheduling with Outlook Integration (ISOI) only supports Basic Authentication as it primarily uses Exchange Web Services.

As of 2H 2020 release, Interview Scheduling Outlook Integration now supports integration with Microsoft Exchange Online and Microsoft Office 365 using Modern Authentication. Exchange Online supports this integration with or without multifactor authentication enabled. 

As of October 2022, Microsoft fully disabled Basic Authentication and Basic Authentication is henceforth no longer Supported by SuccessFactors. 

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

SAP SuccessFactors Recruiting Management

Before enabling Exchange online and to know the pre-requisites, please review these links below:

Technical Details for Interview Scheduling Outlook Integration Using Modern Authentication
Integrating Interview Scheduling with Microsoft Office Outlook Using Modern Authentication

NOTE: There are two types of authentication available for service principals: password-based authentication (application secret) and certificate-based authentication.  As of 2H 2020 release, Interview scheduling with Outlook Integration that uses Modern Authentication only supports password-based authentication which is through creating a new application secret.


Steps on enabling Interview Scheduling with Outlook Integration and using Modern Authentication: 

1. Login and access "Set Up Interview Scheduling Outlook Integration" admin page
2. A new radio button 'Exchange Online' is displayed
   
3. Select Exchange Online
4. Fill in all the configuration details (the details will come from azure portal which requires engagement of your internal Exchange / System or Network Admin)
   Application (client) ID: The unique application or client ID assigned to your application registered in Azure Active Directory. You can find this information on your application registration page on the Azure portal.
   Client Secret: The client secret value you generated for your application in Azure Active Directory. This value is the password used by the application to authenticate with the Microsoft identity platform when requesting for a token.
   Directory (tenant) ID: The globally unique identifier (GUID) that is different than your organization name or domain. You can find this information on your application registration page on the Azure portal.
   Email ID: The email ID of the Service Account associated with your application registered in Azure Active Directory, for example: Interview.Scheduling@customerdomain.com.
   Azure AD Endpoint: The endpoint URL of the Service Account associated with your application registered in Azure Active Directory. By default, this field contains the URL for public cloud: https://login.microsoftonline.com.
   NOTE: Ensure that you grant admin consent for the following Graph API permissions for sending or receiving emails, and accessing the calendars of organizers and interviewers:
   
   Delegated Permissions:
   Calendars: Calendars.Read.Shared, and Calendars.ReadWrite.Shared
   
   Application permissions:
   Calendars: Calendars.Read, Calendars.ReadWrite
   Mail: Mail.ReadWrite and Mail.Send
   Note: Ensure the permissions being provided are to the graph APIs and not Exchange Online. 
   
5. Click on 'Verify' which is present in Test Connection section
6. If connection is successful, click on  "Establish Outlook Integration for Interview Scheduling" check
   
7. Click on Save button at the bottom of the page
8. Click on Ok on the Confirm pop up
   
9. After successfully saving the Exchange Online configuration, you can also see that Exchange Web server (Basic Authentication) is already been grayed out which means that we cannot revert back to Exchange Web server option after enabling Exchange Online:
   

Security Considerations

Due to varying use cases that Interview Scheduling requires - involves create, send, update, and delete meeting requests along with checking the availability of the interviewers and organizers , the integration requires Application permissions for Calendars.read and Calendars.read.write. But, if the customers want to read about these permissions and their respective use case they can go through.
The Microsoft Permission guide: https://docs.microsoft.com/en-us/graph/permissions-reference explains all these permissions in details which explains that no user details can be accessed directly.

Also, to control mailbox and calendar access of an app that has been granted the application permissions in question, it can be done from the Azure application portal side by creating dynamics groups and 
allowing mail-enabled or calendar enabled security group to restrict the app's access to individual or groups. Refer: https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access. This can be done for each of these application permissions. Customers can go through this documentation provided from Microsoft to add any extra layer of security from their side.

NOTE: These configurations in the Azure portal regarding limiting application permissions to specific exchange online inboxes are outside of the scope of Support. SAP will not be able to assist with any issues related to this configurations as these are customizations done outside of SuccessFactors.  When scheduling interviews, the availability will be pulled from your Outlook calendar and the invitations will be automatically sent as meeting requests to Interviewers. Please note that appointments cannot be currently be sent as private.

2997844 - Error on Interview Scheduling with Outlook Integration using Modern Authentication - Recruiting Management

b2011, Outlook Integration, Basic Authentication, Modern Authentication, Exchange Online, Outlook Interview, Interview, Interview Scheduling, OAuth interview scheduling,  OAuth 2.0, Azure, RCM-70148, Recruiting Management, RCM , KBA , LOD-SF-RCM-IVW , Interview Central, Interviews, Scheduling etc , How To