Configuring Platform Services in the Admin Portal

To begin configuration of EMS Platform Services, navigate to the EMS Platform Services Admin Portal using the Platform Services admin URL (e.g., https://yourcompany.com/EMSPlatform/admin). From the EMS Platform Services Admin Portal, you can clear the cache, view license and application information, configure authentication methods, manage integration clients, and view logs.

EMS Platform Services Admin Portal consists of the following:

ClosedHome

When logged into EMS Platform Services Admin Portal from an EMS Everyday User account with a Web Admin security role, you can perform Administrative Functions, such as Clearing the Cache and viewing License and Application Information.

Clear the Cache

The cache must be cleared in EMS Platform Services and the EMS Web App whenever parameter changes are made in the EMS Desktop Client. 

To clear your cache and have EMS Platform Services re-read the database parameters:

  1. From the Home tab, click Clear Cache

  2. You will receive a notification that the cache has been cleared successfully.

ClosedIntegrations

You can manage your EMS Integrations from the Integrations tab. From here, you can create, edit status, delete integration clients, or reset the Client Secret.

Create a New Integration Client

  1. Navigate to the Integrations tab on the EMS Platform Services Admin Portal. From this screen, you can view a list of integrations and their statuses.

  2. To create a new integration client, click the New Integration Client button.

  3. Create a client Name.

  4. From the Type field, choose either Custom or Partner.

  5. Choose a Role from the field. The Active box is checked by default. This indicates that your integration is active.

  6. Click Enable Logging to view the logs for this integration through the Log section of the Admin Portal.

  7. Configure User Authentication.

    1. To designate the Client as an Everyday User, check the Everyday User Authentication Required box. If this box is not checked, all other options for everyday user authentication will be inaccessible. Header, OpenID, and SAML are configured from the EMS Platform Services Admin Portal.

    2. Check the User Authentication is Persistent box to allow users to remain logged in.

    3. The default for Token Duration is one day (1440 minutes). Customize this duration by entering a number of minutes in the field.

    4. Choose an authentication method from the Everyday User Authentication Method field. The Header, OpenID, and SAML authentication settings are applied globally. All Integration Clients with these authentication types selected will default to these settings. Your choices include:

      • EMS Native – Authenticates users via Everyday Application User (webuser) credentials stored in the EMS database. No additional authentication configuration is required.

      • Header – If this authentication is chosen, you must navigate to the Header tab. Enter the Header Variable and click Save Changes. See Also: Portal Authentication Methods.

      • LDAP – This authentication provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS Everyday applications. See Also: LDAP Authentication.

      • NTLM – To configure NTLM authentication, click the Enable NTLM For EMS Everyday User Authentication box during installation. See Verifying NTLM Authentication to complete this authentication.

      • OpenID – If this authentication is chosen, navigate to the OpenID tab and complete the required fields.

      • SAML – If this authentication is chosen, navigate to the SAML tab and complete the required fields.

  1. Based on client type, EMS Platform Services checks against license count, and current number of "active" integration clients. If license count is 0 or equal to the current number of "active" clients, then EMS Platform Services denies the request to add an additional client. You must set the existing client to inactive or increase your license count via normal licensing processes. Please refer to Licensing Requirements for more details.

  2. Click Save Client. A Client ID and Secret pair is generated once the Integration Client is successfully saved. Copy and save the Client Secret in a secure location. You will NOT be able to retrieve the Client Secret. To obtain a new Client Secret, you will need to reset it. See Also: Reset Client Secret.

Important!

Partner and Custom types can be classified as either of the following client sub-categories: User-based and Non-user based.

User-based: User-based clients (EMS Mobile, EMS for Outlook) need to authenticate as a user to perform any actions. These clients need an integration client role with minimal access to the following API resources (above and beyond public resources):
/authentication
/logging

Non-user based: Non-user based clients (EMS Kiosk, EMS Room Sign App) provide functionality independent of users but also support user-like functionality (such as Check-In or on-the-fly room reservations). These clients need a role with wider access.

Reset the Client Secret

  1. Navigate to the Integrations tab on the EMS Platform Services Admin Portal.

  2. Select the Integration Client.

  3. Click Reset Secret.

Booking Rules

The following booking rules are validated by each of these calls.

Call BOOKING RULES

Create Reservation

Web template must exist (for user)

 

Web template must be associated with the proper rooms

 

Max bookings

 

Date limit

 

Max bookings per date range

 

Max bookings per date

 

Max minutes

 

Twenty four hour max

 

Booking cutoffs

 

If VC—must have host/host group

 

Event Type ID must be valid

 

If Exchange, Exchange ID must be valid (reaches out to Exchange)

 

PROC: Handle setting conflict status if necessary

Availability

User has template

 

Template is active

 

Must have time zone record for the room

 

24 Hour max

 

Max minutes

 

No bookings in past

 

Inventory (e.g., projector)

 

Cutoffs

 

Last allowed date

 

Max bookings per date

 

Max bookings before last date

 

Building Hours

 

Blocking bookings

Add Booking

Reservation must exist

 

Template must exist for user

 

Max bookings

 

Max minutes

 

Twenty four hour max

 

Booking cutoffs

Edit Booking

License

 

Web template / user

 

Template access ("template mode")

 

Room access (must be in template, and not be the calendaring TBD room)

 

Not crosslisted

 

Status must allow edits

 

Must not be invoiced

 

Must not have a service order in progress

 

Must not have setup/teardown and be in progress

 

Must not be managed space event in progress

 

Must not be a VC in progress

 

Cutoff rules

 

Last Date rules

 

Category cutoff rules

 

Must not be invited (in calendaring) and be in progress

 

Max bookings

 

Date limit

 

Max bookings per date range

 

Max bookings per date

 

Max minutes

 

Twenty four hour max

 

Booking cutoffs

 

Timezone must exist

 

PROC: Cutoff rules

 

PROC: Last Date rules

 

PROC: Max Minutes

 

PROC: MaxBookings per day

 

PROC: Categories (Allow weekends, category cutoff rules)

 

PROC: Setup & Capacity Validation

 

PROC: 24 Hours Max

 

PROC: Building Hours

 

PROC: Conflict check

ClosedConnect EMS Web App to EMS Platform Services

Beginning with Update 31, EMS Platform Services is a prerequisite for installing and using the EMS Web App. If EMS Platform Services has not yet been installed in your environment, validate the hardware and software requirements for EMS Platform Services.

If your organization uses the EMS Mobile App, EMS Kiosk App, Google Integration, EMS for Outlook, or SAML authentication, then EMS Platform Services is already running in your environment.

To connect EMS Web App to EMS Platform Services:

  1. Navigate to the EMS Platform Services Admin Portal. 

  2. Select Integrations. Under Clients, click on the EMS Web App link.

  3. Click the Reset Secret button and copy the generated Secret.

  4. In the web.config file located in the designated folder for your current version of EMS, insert the copied Secret ID into the value field. 

        <add key="platformServicesSecret" value="YourSecretID" />
    Important!

    EMS Cloud Services customers do not need to generate a Secret or insert it into the web.config file (Steps 3 and 4).

  5. Clear the cache in EMS Platform Services

  6. In the EMS Desktop Client, navigate to System AdministrationSettings Parameters Everyday User Applications. Configure the Platform Services API URL parameter and then click Close.

ClosedConnect EMS Desktop Client to EMS Platform Services

To connect EMS Desktop Client to EMS Platform Services, follow these steps;

  1. Navigate to the EMS Platform Services Admin Portal.
  2. Select Integrations.
  3. Under Clients, click the EMS Desktop link.
  4. Click the Reset Secret button and copy the generated Secret.
  5. Clear the cache in EMS Platform Services.
  6. In the EMS Desktop Client, navigate to System Administration > Settings > Parameters > Desktop Client.

    Configure the Platform Services Desktop Secret parameter with the secret copied in step 3.

    For versions 220.4 and after, add "/api/v1/" at the end of the Platform API URL. In the absence of this string, EMS Desktop Client will attempt to execute a client authentication call on the wrong URL path and receive a 404 error.

  7. Click Close.

ClosedRoles

Roles are separate entities responsible for capturing the rules associated with authorizing clients and users. These authentication roles allow users to access specific rest API routes. Roles are applied to clients, both user-based and non-user based.

From the Roles tab, you can create new roles or edit existing roles.

Create New Roles

  1. Navigate to the Roles tab on the EMS Platform Services Admin Portal.

  2. Click the New Role button.

  3. Provide a unique Role Name in the Name field.

  4. From the Available Routes list, move the routes you want associated to this role to the Selected list by using the Move (>) arrow.

Edit Existing Role Routes

  1. Navigate to the Roles tab on the EMS Platform Services Admin Portal.

  2. Click on the role route you want to edit. A list of routes associated with the role appears.

  3. From the Available Routes list, move the routes you want associated to this role to the Selected list by using the Move (>) arrow.

ClosedLogs

You can view logs from the EMS Platform Services Admin Portal. You can edit log level details through the default.json file.

There are two types of logs in EMS Platform Services:

  • Global logs: Includes logs only for EMS Platform Services.

  • Integration logs: Includes logs for a selected integration client. Enable logging for any integration client you want to view logs for by choosing a Client from the dropdown.

Edit Log Level Details

  1. Navigate to the Default folder that was created during installation.

  2. Open the default.json file for editing.

  3. Under Logging, set the logLevel field to Debug.

ClosedHeader, OpenID, and SAML (Authentication Options)

EMS supports two authentication types for the EMS Platform Services Admin Portal:

  1. EMS Native authentication – An Everyday User with Everyday User Admin Security Template credentials can log into the EMS Platform Services Admin Portal. Verify license information is correctly reflected on the admin home page.

  2. NTLM authentication – During installation of EMS Platform Services, click the Enable NTLM For EMS Everyday User Authentication box. 

The following authentication methods are EMS Desktop Client-integration specific:

  • Header authentication. See Also: Portal Authentication Methods.

  • LDAP authentication – The LDAP Authentication method provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS applications (e.g., EMS Web App and EMS Mobile App).

  • Open ID authenticationAuthentication with Open ID requires configuration in EMS Mobile App before users can authenticate.

  • SAML authenticationAuthentication with SAML requires configuring set up for EMS Mobile App and EMS Web App prior to beginning the authentication flow.

ClosedAuth Keys

Auth Keys are used for SAML certificates.

To create a new Auth Key:

  1. Navigate to the Auth Keys tab in the EMS Platform Services Admin Portal.

  2. Click New Auth Key.

  3. Provide a Purpose.

  4. Provide a date range for when the Auth Key will be valid by entering dates in the Not Before and Not After fields.

  5. Enter a Public Key (PEM).

  6. Enter a Private Key (PEM).

  7. Click Save Auth Key.

To learn more about SAML certificates refer SAML Authentication.

ClosedCalendaring

Enable G Suite Integration

Google Calendar Integration will allow access to G Suite users’ Google Calendars to provide their free/busy statuses within EMS for scheduling meetings. Everyday Users can see attendee availability directly within the EMS Web App or Mobile App alongside space availability information from the EMS database.

Important!

A license must be imported prior to Enabling G Suite in the EMS Platform Services Admin Portal. See Also: Configure G Suite Integration.

  1. Navigate to the Calendaring tab in the EMS Platform Services Admin Portal.

  2. Upload the JSON file created for your G Suite project. Click Browse to navigate to the file and click Save New Configuration File.

  3. In the Service Account Mailbox field, enter the mailbox address and then click the Update button.

    As of Update 31, a Service Account Mailbox is required for the G Suite Integration. The Service Account Mailbox can be any mailbox within your domain (or your organizational unit if you are not integrating the entire domain). The mailbox does not require special permissions.

  4. Toggle between Enabling and Disabling G Suite Integration by using the Enable G Suite Integration button.

    Known Issue for Update 32If you click the G Suite Integration enable/disable button after the first time the integration is enabled, the integration breaks.

    After you enable G Suite Integration the first time and then click enable/disable again on the Calendaring tab, G Suite Integration stops working.

    To fix the integration:

    1. From the Calendaring tab of the EMS Platform Services Admin Portal, set enable/disable to enabled, then refresh the page.

      • Enabled – red and displays Disable GSuite Integration.
      • Disabled – green and displays Enable GSuite Integration.

    2. Re-upload the JSON file.

      Do not click enable/disable after re-uploading the JSON file.

    3. Once the JSON file has been uploaded, restart the app pool used by EMS Platform Services.

      EMS Cloud Services Customers – EMS Cloud Operations must restart the app pool for EMS Platform Services.

      To request a restart, contact EMS Support.

    Enable Exchange Sync Integration

    Calendaring for EMS for Microsoft Exchange

    Configure your ERI settings in EMS Platform Services Admin Portal as follows: 

    1. Navigate to the EMS Platform Services Admin Portal. 

    2. Select Calendaring > Exchange Sync.

      The Exchange Sync section is only available if you have a valid license.

    3. Complete the following Exchange Sync fields :

      To complete the Exchange Sync fields, you will first need to register a new application for EMS in the Azure Portal under an admin account. You will need the Application ID, Application Secret, and Directory (Tenant) ID from the Azure Portal. See Configure Exchange-to-EMS Sync for ERI for more information.

      Exchange Sync Fields Description
      Application ID In this field, enter the Application (client) ID that you copied when you configured Exchange-to-EMS sync for ERI.
      Application Secret In this field, enter the Application Secret that you copied when you configured Exchange-to-EMS sync for ERI.
      Directory (Tenant) ID In this field, enter Directory (tenant) ID that you copied when you configured Exchange-to-EMS sync for ERI.
    4. In the Exchange Sync Configuration section, set your defaults for the Exchange Sync parameters:

      To properly sync with EMS, reservations created in native Exchange applications, such as Outlook Mobile, must have a Reserve Status, Conflict Status, Cancel Status, Default Group, and Reservation Source (see the following table for details). When Exchange syncs with EMS, the values you have selected for the Exchange Sync parameters will be applied to the reservations.

      Exchange Sync Parameter

      Description

      Values

      Reserve Status

      From the drop-down list, select a Reserve Status to assign to reservations created in native Exchange applications, such Outlook Mobile.

      This is a required field. All confirmed bookings synced from Exchange-to-EMS will have this reserve status.

      All active reserve statuses that have been configured in EMS Desktop Client.

      Conflict Status

      From the drop-down list, select a Conflict Status to assign to reservations created in native Exchange applications.

      This is a required field. All bookings in conflict that are synced from Exchange-to-EMS will have this conflict status.

      All active conflict statuses that have been configured in EMS Desktop Client.

      Cancel Status

      From the drop-down list, select a Cancel Status to assign to reservations created in native Exchange applications

      This is a required field. All canceled bookings synced from Exchange-to-EMS will have this cancel status.

      All active cancel statuses that have been configured in EMS Desktop Client.

      Default Group

      From the drop-down list, select a Default Group to assign to reservations created in native Exchange applications.

      When syncing from Exchange-to-EMS, if a user does not exist in EMS, then the EMS reservation will be assigned to the default group specified in this parameter.

      This is a required field.

      All active groups that have been configured in EMS Desktop Client.

      Reservation Source

      From the drop-down list, select a Reservation Source to apply to reservations created in native Exchange applications.

      When reservations are created in native Exchange apps and then synced with EMS, users can view the source of a reservation in EMS Desktop Client by opening the reservation, clicking the Properties tab, and scrolling to the Source field. Customers can use reports to view the number of reservations created using native Exchange applications, such as Outlook, vs. the number of reservations created using EMS modules, such as EMS Web App.

      This is a required field.

      All active reservation sources that have been configured in EMS Desktop Client. (You can create reservation sources in EMS Desktop Client from Configuration > Other > Reservation Sources.)

      Default Organizer Mailbox

      This is field is only used by EMS Room Sign App and EMS Kiosk App.

      If you are using ERI with EMS Room Sign App and/or EMS Kiosk App, provide a default organizer mailbox. You can also set this value on the PAMConfig.aspx page.

      Text field.

      Enter the email for default organizer.

    5. Click the Enable Exchange Sync button.

      A message will appear stating that Exchange Sync has been successfully configured and asking you to restart the app pool to initiate sync.

      The Enable Exchange Sync button is only available after all the required Exchange Sync fields have been completed.

      Once you have successfully enabled Exchange sync, the Enable Exchange Sync button will toggle to the Disable Exchange Sync button.

    6. Restart the app pool to initiate sync.

ClosedConferencing

EMS integration of Skype for Business allows users to easily integrate instant messaging and audio/video conferencing to their meetings without the need for A/V support. Users can add, join, or modify/cancel Skype for Business meetings added to bookings. See Also: Configure Skype for Business.

To configure Skype for Business in the EMS Platform Services Admin Portal:

  1. Navigate to the Conferencing tab.

  2. Provide a Client Name in the Azure Active Directory Client ID field. This determines the ID of the registered application.

  3. Provide the Azure Active Directory Tenant. This determines the name of the AAD tenant.

  4. Provide the Skype for Business AutoDiscover URL. This performs autodiscovery to find the appropriate server to communicate with. Multiple URLs must be separated by commas and cannot contain any spaces. The client machine and the Web server should have access to the Autodiscover URL.

  5. Choose a Skype for Business Server Authentication Method from the field. This determines the authentication type that is used to generate a token. You can choose from the following authentication methods:

    • NTLM

    • ADFS

    • Username/Password

    • Oauth (Online)

  6. In the Skype Meeting Options area, select an option from the These people don't have to wait in the lobby field. This field determines which participants do not need to wait before joining the meeting. The following options are available:

    • Only me, the meeting organizer

    • People I invite from my company

    • Anyone from my organization

    • Anyone (no restrictions)