Connector SE – Overview

This topic provides some technical details about connector SE.

Connector SE uses Exchange Web Services (EWS) to access Microsoft Exchange Server. The first version of this API was introduced by Microsoft for Exchange Server 2007 SP1 and enhanced for Exchange 2010.

From October 2020, basic authentication is being discontinued by Microsoft. As a result, the authentication process has changed:

  • For online Exchange access, the Aurea CRM Connector SE uses OAuth for authentication. For authorization, the application (connector) impersonates users based on the API permissions assigned to it in Active Directory. For further details, see Configuring OAuth in Azure active directory admin center.
  • For on-premise access, the Aurea CRM Connector SE continues to use a service account for authentication in the Exchange environment. This technical account must have the right to impersonate the users whose mailboxes are supposed to be synchronized (more precisely, this technical user must have the role ApplicationImpersonation assigned).

    This means that connector SE performs its operations by using the permissions that are associated with the impersonated accounts (as opposed to the "classic" connector, which uses the permissions that are associated with the administrative account).

The scope of users to be impersonated can be defined very precisely – you can either select all users in the Exchange Organization, certain groups of users or even specific single users. See the Microsoft MSDN article at Configuring Exchange Impersonation for further details.
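As an added illustration of limiting the impersonation scope for the on-premise case (this is not part of the Aurea documentation), the following Exchange Management Shell commands restrict ApplicationImpersonation to the members of one group and then list who effectively holds the role. The account, group, scope and assignment names are placeholder assumptions.

```powershell
# Run in the Exchange Management Shell (on-premise Exchange).
# All names below are placeholder assumptions, not values from the
# Connector SE documentation; replace them with your own.
$ServiceAccount = 'svc-connector-se'          # technical account (assumed name)
$SyncGroup      = 'CRM-Sync-Users'            # group of mailboxes to synchronize (assumed name)
$ScopeName      = 'ConnectorSE-SyncScope'     # management scope (assumed name)
$AssignmentName = 'ConnectorSE-Impersonation' # role assignment (assumed name)

# A MemberOfGroup recipient filter needs the group's distinguished name.
$GroupDn = (Get-Group -Identity $SyncGroup).DistinguishedName

# Management scope that matches only the members of the sync group.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "MemberOfGroup -eq '$GroupDn'"

# Assign ApplicationImpersonation to the technical account, limited to that
# scope. Without -CustomRecipientWriteScope the assignment would cover every
# mailbox in the Exchange organization.
New-ManagementRoleAssignment -Name $AssignmentName `
    -Role 'ApplicationImpersonation' `
    -User $ServiceAccount `
    -CustomRecipientWriteScope $ScopeName

# Review: list every account that effectively holds ApplicationImpersonation
# and the scope each assignment applies to. An organization-wide write scope
# on the connector account means the restriction above is not in effect.
Get-ManagementRoleAssignment -Role 'ApplicationImpersonation' -GetEffectiveUsers |
    Select-Object Name, EffectiveUserName, RecipientWriteScope, CustomRecipientWriteScope |
    Format-Table -AutoSize
```

Re-running the final query periodically shows whether additional accounts or broader scopes have been granted the role since the connector was set up.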

Connector SE uses a very similar mechanism to impersonate users in Aurea CRM as well, which means connector SE acts in the rights context of the particular user.

The credentials of the above-mentioned administrative accounts (domain username and password) are stored in an encrypted XML file (users.xml). For further details, see Configuration of users, creation of user.xml.

Note: In contrast to the "classic" connector, the Windows Service doesn’t need to run in the user context of the technical account used to access Exchange Server, but should run under "LocalSystem".