Context
This article describes the steps for setting up an Email Service Account in Exchange (Microsoft). See Understanding Email Service Accounts.
Steps
1. Sign in to your Office365 Administrator account. ( https://admin.microsoft.com)
2. Click the App Launcher icon in the top left-hand corner and then click Admin.
3. Click Users from the left-hand sidebar
- Click Active Users from the sub-menu.
- Click Add Users.
4. Create a user with the following details:
- First Name: Demandbase
- Last Name: Service-Account
- Username: demandbase-service-account
- Password Settings: Let me create the password (Generate a strong password and make note of it.)
- Uncheck Require this user to change their password when they first sign in.
- Click Next to continue.
- Select the Assign user a product license option and click Next to continue.
- Accept the default values on the Optional settings page and click Next to continue.
- Review the assigned settings and click Finish Adding to create the service account user.
5. Now you need to assign the Exchange permissions to your service account.
- Expand the Admin Center menu and click Exchange.
- In the new Exchange admin center dashboard window that opens, click permissions from the left-hand side menu.
6. Add a New Role Group by clicking the + sign.
- Name: User Impersonate
- Description: Allow this user to impersonate other user's mailboxes for Demandbase service account
- Write Scope: Default
- Role: Click the + sign and add ApplicationImpersonation
- Members: Click the + sign and add the demandbase-service-account user
- Click Save.
7. Configure Service Account for Specific Users or Groups of Users
To configure the service account for specific users or groups of users, follow the directions below, otherwise skip to Step 8.
https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-configure-impersonation
Open the Exchange Management Shell. From the Start menu, choose All Programs > Microsoft Exchange Server.
Run the New-ManagementScope cmdlet to create a scope to which the impersonation role can be assigned. If an existing scope is available, you can skip this step. The following example shows how to create a management scope for a specific group.
The RecipientRestrictionFilter parameter of the New-ManagementScope cmdlet defines the members of the scope. You can use the properties of the Identity object to create the filter. The following example is a filter that restricts the result to a single user with the user name "john."
Name -eq "john"
Run the New-ManagementRoleAssignment cmdlet to add the permission to impersonate the members of the specified scope. The following example shows how to configure a service account to impersonate all users in scope:
After your administrator grants impersonation permissions, you can use the service account to make calls against other users' accounts. You can verify role assignments by using the Get-ManagementRoleAssignment cmdlet.
8. Add your service account to Demandbase.
- In Demandbase, click the cogwheel Settings icon in the left panel.
- Under Platform, click Email Service Account.
- Click Connect Service Account.
- Click Login with Exchange.
- Enter the email address for the Email Service Account.
- Enter the password for the Email Service Account.
- Grant the requested permissions.
- Click Yes to stay signed in.