Note: This only applies to Exchange On-Premise. Connecting to Office 365 requires client credentials flow and does not require ApplicationImpersonation or a service account. |
Riva Cloud CORPORATE is designed to use a single connection to an Exchange system to synchronize data on behalf of multiple users. Using this configuration, Riva Cloud uses the credentials of the "connection user" to IMPERSONATE into the mailbox of each "target" user (Exchange) to synchronize CRM data with that user account. If you are connecting to Exchange, the Riva Cloud connection must use the EWS login credentials of an Exchange user configured with full access permissions to the "target" user mailboxes.
Purpose
This article describes the preparation work required for an Exchange Web Services connection to support a Riva Cloud CORPORATE subscription.
System requirements and preparations for Riva Cloud Corporate EWS connections include:
- Supported Exchange systems;
- Exchange Web Services;
- Prepare the Riva connection user for Exchange:
- Prepare the target user Exchange accounts.
Supported Exchange Systems
Riva Cloud Corporate can sync to the following certified Exchange systems:
-
Microsoft 365 - Exchange Online;
- On-Premises Exchange:
- Exchange 2016,
- Exchange 2013,
- Exchange 2010,
- Exchange 2007 SP1 Rollup 1 or higher;
-
Commercial Exchange Hosting Services: Exchange 2016, 2013, 2010, and 2007.
Riva Cloud Connects to Exchange Web Services Only (Exchange Admins)
The Riva Cloud Exchange connections must connect to the URL for your EWS server:
-
Riva can discover the correct EWS URL from the system Outlook Web Access login URL, if the Auto-Discover service for the target Exchange system is enabled and properly configured, OR
-
You need to know the EWS URL, for example, https://mail.example.com/ews/Exchange.asmx.
Use the online Exchange connection test utility: https://www.testexchangeconnectivity.com/. -
Refer to: How to locate Exchange Web services URL and what version for Exchange 2003-2016 and Office 365.
Prepare the Riva Connection User for Exchange
To support the IMPERSONATION concept explained above, you need to prepare an Exchange mailbox user for the Riva Cloud service to connect to your Exchange system and impersonate the user mailboxes that will be synced. See below for the version of Exchange used in your environment:
Microsoft Office 365 - Exchange Online
The Riva connection user must be a mailbox user granted privileges or permissions to gain full access to the target user's mailboxes. Use an existing mailbox user, or create a mailbox user (for example named svc_rivasync) that will be used to authenticate to Exchange. Ensure that this user is configured to meet the following requirements:
-
Recommended: Configure the account password never to expire or change.
-
This user must be a fully-enabled Exchange mailbox user visible on the Exchange Global Access List (GAL).
-
Assign Exchange application impersonation OR "Delegate Full Access" permissions: Prepare Office 365 Riva connection user permissions.
On-premises Exchange 2016, 2013, 2010, or 2007
The Riva connection user must be granted full access permissions to the target user's mailboxes. Use an existing user mailbox or service account mailbox, or create an AD/Exchange user (for example named rivasvc) that will be used to authenticate to Exchange. Ensure that this user is configured to meet the following requirements:
-
Note: If a password change policy forces credentials to expire, ensure that the credentials are updated in Riva at the same time.
-
This user must be a fully enabled Exchange mailbox user that is visible on the Exchange Global Access List (GAL).
-
This account must not be a member of the Domain Admins group.
-
Assign Exchange impersonation (Exchange 2010+) or full access permissions (Exchange 2007). See Prepare the Riva connection account for on-premises Exchange.
-
After the Riva connection account for Exchange is configured, test access to the target users.
Commercially hosted Exchange providers (Exchange 2016, 2013, 2010, or 2007)
The Riva connection user must be granted full access to the target user's mailboxes. Use an existing mailbox user, or create a mailbox user (for example, named rivasvc) that will be used to authenticate to Exchange. Ensure that this user is configured to meet the following requirements:
-
Recommended: Configure the account password never to expire or change.
-
This user must be a fully enabled Exchange mailbox user visible on the Exchange Global Access List (GAL).
-
Prepare the Riva connection account for Hosted Exchange Services: Riva Cloud supports all Exchange 2016, 2013, 2010, and 2007 hosted systems. Commercial-hosted Exchange services provide a management panel through which the company admin account can manage mailbox permissions. Refer to the following Knowledge Base articles that explain the procedures. If your service is not listed, follow the procedures that are similar to your hosted Exchange service or contact your Exchange provider for assistance:
-
After the Riva connection user for Exchange is configured, test access to the target users.
Prepare the Target Users in Exchange
Riva Cloud requires several key actions to be completed for each target user mailbox:
-
First Logon to Exchange: If users are logged in to Exchange when their account is initialized with Riva, they need to log out and log back in to see the folders that are created by Riva during the account initialization.
-
Primary SMTP Email Address: The primary SMTP email address account in Exchange must match the primary email address account for the corresponding CRM account.
-
Global Access List: The target user mailbox must be visible in the Global Access List (GAL).