Switching from Delegation Mode to Application Mode Integration

If you currently have GoBright integrated as Delegate Mode using a Service Account, you must switch to Application Mode Integration which uses an Enterprise Application in Azure instead of the Service Account.

Why you need to switch to Application Mode Integration?

  • Delegate Mode will be made EOL February 2025 by Microsoft for existing installation and from June 2024 for new installations (updating existing integrations is also not possible from June 2024), see: Retirement of RBAC Application Impersonation in Exchange Online
  • Security Improvements
  • Overall stability Improvements

Application Mode Integration integrates GoBright Room Booking with your Azure Tenant relying on an Enterprise application with a set of permissions which define the level of Integration.

There is no Impersonation over mailboxes, as well as no "Full Access" over mailboxes from a service account. No Service Account to get compromised and to compromise the whole system.

 

How to Switch from Delegate Mode to Application Mode Integration?

Switching to Application is very easy, however there are some things to be reconsidered first:

  • When switching to Application Mode, the sync with the Azure Tenant is not simultaneous which means there is some sync time and caching (around 2hrs). At this time, you can expect some down time of the system. So, our advice is to either to this at the end of the working day/week or after linking the Application Mode to unlink it and link back to Delegate Mode, wait out 2hrs and then link back to Application Mode.
  • To link the Application Mode Integration, a Global Admin in the Azure tenant is needed because the Enterprise App and the Permissions must be created.

Switching the Integration Mode from Delegate Mode to Application Mode

  1. You must go to your GoBright Portal and open the Admin Center by clicking the four squares at the top right corner and pressing Admin Center. After that you need to go to Integrations.admincenter.png
  2. Open your O365 Integration. Here everything should be Linked and green.delegatemode.png
  3. Unlink the first option "Status Office 365 (Tenant link)" and it should say Not linkednotlinked.png
  4. Switch the Permission Mode from "Delegate Mode" to "Application Mode, using application access" and press Save at the top Right Cornerpermissionapplicationmode.png
  5. Open the O365 Integration again and press the Link Tenant green button, enter your Global Admin Credentials and accept the Permission Requestappmode1.pngappmode2.png
  6. Now your Azure Tenant is linked with the Application Mode Integration, and you need to Link the Calendar & Teams Integration if you use GoBright Room Booking. Press the green Link button, enter your Global Admin Credentials and accept the Permission Requestappmode3.pngappmode4.png
  7. The switch to Application Mode now is completed and all the links should be Linked and green. For more insight into the Application Mode Integration, you can check its own article. After this is completed and you are satisfied with it, the Service Account can be also deleted as it won't be in use anymore.appmode5.png

Important to realize that you have to do this procedure with your current integration. When you add a new integration with Application mode next to the existing Delegate mode integration it will give you more work because you have to switch the integration of every single room and user account in the portal manually.

To prevent you for having this amount of work: Don't add a new integration but simply follow those described steps by unlinking the existing integration and linking this integration again with application mode enabled.

0 out of 0 found this helpful