This guide will show you how to create one Azure application for Exchange, user import and SSO integration, so you only need one application instead of one for each.
If you only want to setup an Exchange integration, please see this guide instead oAuth for Planner, or how to set up Exchange integration for Office 365 / Exchange online
You will need administrator rights in Pronestor Planner and Azure Active Directory. This guide uses the demo site https://guidedemo.tryingplanner.com/ as an example, please remember to use your own Planner link instead.
Table of content:
Set Planner as trusted domain on your Azure
Note, this is essential for Single sign on, but if you don't need single sign on, you can skip this chapter and chapter "Set Application ID URI"
Login to your azure at https://portal.azure.com/
Scroll down and click "Custom domain names"
Click "+Add custom domain"
Type in your link. The link needs to be based on your Planner url. In the picture I used guidedemo.tryingplanner.com but your link should be [customername].pronestor.com where [customername] is replaced with your customername.
Click "Add domain"
Then you get your Destination or points to address. Please copy it since you need to send it to firstname.lastname@example.org for verification.
Create an application
Login to your azure at https://portal.azure.com/
Click "App Registrations"
Click "+New registration"
Give the Application a name and choose single tenant and click register
Set Redirect URIs
Click "Add a Redirect URI"
Click "+Add a platform"
Now you need to add a link. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Then click "Configure"
Click "Add URI"
Here we add another URL that you need to build. The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/RedeemAuthorizationCode but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/RedeemAuthorizationCode where [customername] is replaced with your customername.
Then click "Save"
Set Application ID URI
Click "Add an Application ID URI"
The link needs to be based on your Planner url. In the picture I used https://guidedemo.tryingplanner.com/Booking.NET/Login.mvc/Login but your link should be https://[customername].pronestor.com/Booking.NET/Login.mvc/Login where [customername] is replaced with your customername.
Fill in the link and click "Save"
- Choose “API permissions”
- Add the following permissions – using Microsoft Graph → Application
These rights are used by the user import to read your groups and users properly.
Click "Add a permission"
Click "APIs my organization uses"
Click "Office 365 Exchange Online"
Choose "Application permissions"
API Permissions → Add a permission → Exchange → full_access_as_app
This right lets the application connect with Exchange
Connecting AD import
See our guide that includes advice on your ad groups. https://helpdesk.pronestor.com/hc/en-us/articles/360035378312-Azure-Active-Directory-integration
This should be done AFTER you have imported users, or you won't be able to login.
Send an email to Helpdesk@pronestor.com with:
- Your sitename, for example https://[customername].pronestor.com where [customername] is replaced with your customername.
- Your Destination or points to address - unless you remembered to send it in the earlier step.
- Your Tenant ID
Then the Helpdesk will enable it.
Connecting Exchange integration
Open your Planner site
Go to Administration -> Settings
Click Exchange - note if you don't have exchange as an option, please contact Helpdesk@Pronestor.com to get Exchange enabled
Click "Exchange online"
Click "Use OAuth"
Fill out Application ID and Directory id
Fill in a default booker. This user is used as the host if the host in Exchange doesn't exist in Planner. We recommend using a system user and not a real user for this fallback mechanism.
Click "Create new certificate"
This will download a certificate that needs to be added to your Azure application to authorize communication between Planner and Exchange.
Open Azure and find your application
Click "Certificate & secrets"
Click "Upload certificate" and find the downloaded file.
You're done in Azure, return to Planner
Click "Test connection"
If the little text up here changes to "OK" and that means it is configured correctly.
Troubleshooting - most common errors
The AADSTS700016 Error:
This following error is generated because there is missing an Application URL ID.
Which need to be set under the app registration - Expose an API as shown in the video below.
The URL ID you need to set is:
But instead of [booking], you need to type in your site name
The Import From Azure Error:
The following Error is generated by a faulty Client Secret.
The following error shows when doing an import:
"Microsoft.Identity.Client.MsalServiceException: 401: Unauthorized - invalid_client. at PronestorWebAdmin.MsGraph.MsGraphAuthenticator.HandleMsalServiceException(MsalServiceException)"
the Error is resolved by going to your Pronestor app registration - Certificates & Secrets
and then renewing and setting a new Client Secret as shown in the video below.
The Error 500 when accessing "My settings"
When ever a user tries to go to the tab "My settings" they are the met with an "Error 500" page.
It is caused by either a missing or incorrect URL setting in the App registrations - Authentication section.
It can be fixed be setting the URL
Here you have to remember that [booking] needs to be changed into your own site name
Failed to update Application ID URI application property error
This means the Client id or url is incorrect. Please doublecheck that it is filled out according to the guide