Microsoft 365 / Exchange Online

Content

1 Client Secret Credential authentification failed (occurs just with “Application Permission”)
2 Code: ErrorInvalidUser / Error no access / access denied
3 Code: ErrorAccessDenied ODATA disabled
4 SSO Approval required / Admin Consent Request in EntraID
5 Code: Lifetime validation failed, the token is expired.

If you followed the mentioned steps and still face the same issue, feel free to contact us under https://roomzio.atlassian.net/wiki/spaces/SUP/pages/282492929

Client Secret Credential authentification failed (occurs just with “Application Permission”)

This error occurs when the client secret of the application (in Entra ID) has expired (max. 24 month)

Go to your “Entra ID” search for our ROOMZ application and create a new client secret, make sure to copy the value key. Navigate back to the ROOMZ portal and under setup > booking system > settings insert the new key.

https://roomzio.atlassian.net/wiki/spaces/SUP/pages/611975392/Microsoft+365+Exchange+Online+FAQ#How-to-renew-the-client-secret-(For-application-permission)

Code: ErrorInvalidUser / Error no access / access denied

If you have this or similar errors its common that your application or user don’t have access to the resource yet. Make sure all the commands from our configuration guide were executed successfully https://roomzio.atlassian.net/wiki/spaces/SUP/pages/280723586

If you’ve done the configuration correctly, check the actual permission on the resource with the following Powershell command

Get-MailBoxPermission “resource email”

Code: ErrorAccessDenied ODATA disabled

If you have this error, most likely the resource isn’t part of the mail enabled security group yet, so the application doesn’t have access to it. Add the resource to the security group over PowerShell command or https://roomzio.atlassian.net/wiki/spaces/SUP/pages/529924106/Microsoft+365+Application+Permission+Security+group#2.2-Graphical-user-interface to solve the issue.

Add-DistributionGroupMember -Identity "name of group" -Member "resource email"

SSO Approval required / Admin Consent Request in EntraID

To allow ROOMZ to authenticate the users with Microsoft, you need to accept the permission from the ROOMZ Enterprise app. Once the admin consent request was sent (upon first login), an EntraID admin needs to approve the request. Please refer to following screenshot to see where he can find and approve the request. More information about our Microsoft SSO function to login to our portal: https://roomzio.atlassian.net/wiki/x/AQBZH

Code: Lifetime validation failed, the token is expired.

This error occurs when the MFA of the user is invalid

To solve the issue, you need to relogin with the service user again to the booking system: https://roomzio.atlassian.net/wiki/spaces/SUP/pages/385122305/Microsoft+365+Delegation+Permission#5%EF%B8%8F%E2%83%A3-Create-the-booking-system-in-the-ROOMZ-Portal

After you are logged in, you need to end with “Save”. The Connection to the booking system should now work again.