Configuring Platform Services in the Admin Portal

When logged into EMS Platform Services Admin Portal from an EMS Everyday User account with a Web Admin security role, you can perform Administrative Functions, such as Clearing the Cache and viewing License and Application Information.

Clear the Cache

Clear the cache in EMS Platform Services and the EMS Web App whenever parameter changes are made in the EMS Desktop Client.

1. From the Home tab, click Clear Cache. 

2. You will receive a success notification.

You can manage your EMS Integrations from the Integrations tab. You can create, edit status, delete integration clients, or reset the Client Secret.

Create a New Integration Client

1. Navigate to EMS Platform Services Admin Portal > Integrations tab.

   A list of integrations and their statuses displays.

2. Click New Integration Client.

3. Create a client Name.

4. In Type, choose either Custom or Partner.

5. Choose a Role.

   Active is selected by default. This indicates that your integration is active.

6. Click Enable Logging to view the logs for this integration through the Log section of the Admin Portal.

7. Configure User Authentication.

   1. To designate the Client as an Everyday User, select Everyday User Authentication Required. If it's not selected, all other options for everyday user authentication will be inaccessible. Header, OpenID, and SAML are configured from the EMS Platform Services Admin Portal.

   2. To allow users to stay logged in, select User Authentication is Persistent.

   3. The default for Token Duration is one day (1440 minutes). To customize this duration, enter the number of minutes.

   4. Choose an authentication method from Everyday User Authentication Method . The Header, OpenID, and SAML authentication settings are applied globally. All Integration Clients with these authentication types selected will default to these settings. Choose one of the following options:

      • EMS Native – authenticates users via Everyday Application User (webuser) credentials stored in the EMS database. No additional authentication configuration is required.

      • Header – if you choose this option, do the following:

        1. Navigate to the Header tab.

        2. Enter the Header Variable.

        3. Click Save Changes.

      • LDAP – LDAP Authentication provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS Everyday applications.

      • NTLM – to configure NTLM authentication:

        1. Select Enable NTLM For EMS Everyday User Authentication during installation.

        2. Follow steps of Verifying NTLM Authentication.

      • OpenID – if you choose this option, do the following:

        1. Navigate to the OpenID tab.

        2. Complete the required fields.

      • SAML – if you choose this option, do the following:

        1. Navigate to the SAML tab

        2. Complete the required fields.

8. Based on client type, EMS Platform Services checks against license count, and current number of "active" integration clients. If license count is 0 or equal to the current number of "active" clients, EMS Platform Services denies the request to add an additional client.

   Set the existing client to inactive or increase your license count via normal licensing processes. See Licensing Requirements.

9. Click Save Client.

   A Client ID and Secret pair is generated.

10. Copy and save the Client Secret in a secure location, since this is the only time it appears. If you need to get a new Client Secret, reset it.

Reset the Client Secret

1. On the EMS Platform Services Admin Portal, navigate to the Integrations tab.

2. Select the Integration Client.

3. Click Reset Secret.

Booking Rules

The following booking rules are validated by each of these calls.

Beginning with Update 31, EMS Platform Services is a prerequisite for installing and using the EMS Web App. If you don’t have EMS Platform Services installed in your environment, validate the hardware and software requirements for EMS Platform Services.

If your organization uses the EMS Kiosk App, Google Integration, EMS for Outlook, or SAML authentication, EMS Platform Services is already running in your environment.

1. Navigate to the EMS Platform Services Admin Portal. 

2. Select Integrations.

3. Under Clients, click the EMS Web App link.

4. Click Reset Secret and copy the generated Secret.

5. In the web.config file located in the designated folder for your current version of EMS, insert the copied Secret ID into the value field. 

       <add key="platformServicesSecret" value="YourSecretID" />

   Important!

   EMS Cloud Services customers do not need to generate a Secret or insert it into the web.config file (Steps 3 and 4).

6. Clear the cache in EMS Platform Services. 

7. In the EMS Desktop Client, navigate to System Administration > Settings > Parameters > Everyday User Applications.

8. Configure the Platform Services API URL parameter and click Close.

1. Navigate to the EMS Platform Services Admin Portal.

2. Select Integrations.

3. Under Clients, click the EMS Desktop link.

4. Click Reset Secret and copy the generated Secret.

   Important!

   EMS Cloud Services customers do not need to generate a Secret or insert it into the web.config file (Steps 3 and 4).

5. Clear the cache in EMS Platform Services.

6. In the EMS Desktop Client, navigate to System Administration > Settings > Parameters > Desktop Client.

7. Configure the Platform Services Desktop Secret parameter with the secret copied in Step 4.

8. For versions 220.4 and after, at the end of the Platform API URL, add "/api/v1/".
   In the absence of this string, EMS Desktop Client attempts to execute a client authentication call on the wrong URL path and receives a 404 error.

9. Click Close.

Roles are separate entities responsible for capturing the rules associated with authorizing clients and users. These authentication roles allow users to access specific rest API routes. Roles are applied to clients, both user-based and non-user based.

From the Roles tab, you can create new roles or edit existing roles.

Create New Roles

1. In the EMS Platform Services Admin Portal, navigate to the Roles tab.

2. Click New Role.

3. In Name, enter a unique role name.

4. From Available Routes, move the routes you want associated to this role to the Selected. Use the Move (>) arrow.

Edit Existing Role Routes

1. In the EMS Platform Services Admin Portal, navigate to the Roles tab.

2. Click on the role route you want to edit.

   A list of routes associated with the role appears.

3. From the Available Routes list, move the routes you want associated to this role to Selected. Use the Move (>) arrow.

You can view logs from the EMS Platform Services Admin Portal. You can edit log level details through the default.json file.

There are two types of logs in EMS Platform Services:

• Global logs – includes logs only for EMS Platform Services.

• Integration logs – includes logs for a selected integration client.

  To enable logging for any integration client you want to view logs for, choose a Client from the dropdown.

Edit Log Level Details

1. Navigate to the Default folder that was created during installation.

2. Open the default.json file for editing.

3. Under Logging, set the logLevel field to Debug.

EMS supports two authentication types for the EMS Platform Services Admin Portal:

1. EMS Native authentication – An Everyday User with Everyday User Admin Security Template credentials can log into the EMS Platform Services Admin Portal. Verify license information is correctly reflected on the admin home page.

2. NTLM authentication – During installation of EMS Platform Services, select Enable NTLM For EMS Everyday User Authentication. 

The following authentication methods are EMS Desktop Client-integration specific:

• Header authentication – see Portal Authentication Methods.

• LDAP authentication – the LDAP Authentication method provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS applications – such as EMS Web App.

• SAML authentication – Authentication with SAML requires you to configure set up for EMS Web App before beginning the authentication flow.

Auth Keys are used for SAML certificates.

1. In the EMS Platform Services Admin Portal, navigate to the Auth Keys tab.

2. Click New Auth Key.

3. Provide a Purpose.

4. Enter dates in Not Before and Not After for when the Auth Key is valid.

5. Enter a Public Key (PEM).

6. Enter a Private Key (PEM).

7. Click Save Auth Key.

Enable Google Workspace Integration

To provide free/busy statuses of the users within EMS for scheduling meetings, you can use Google Calendar Integration to access the users’ Google Calendars. Everyday Users can see attendee availability directly within the EMS Web App alongside space availability information from the EMS database.

1. In the EMS Platform Services Admin Portal, navigate to the Calendaring tab.

2. Upload the JSON file created for your Google Workspace project.

   To navigate to the file, click Browse . Click Save New Configuration File.

3. In Service Account Mailbox, enter the mailbox address and click Update .

   As of Update 31, a Service Account Mailbox is required for the Google Workspace Integration. The Service Account Mailbox can be any mailbox within your domain (or your organizational unit if you are not integrating the entire domain). The mailbox does not require special permissions.

4. Toggle between Enabling and Disabling Google Workspace Integration using the Enable Google Workspace Integration.

   Enable Exchange Sync Integration

   To enable integration for accessing Microsoft Exchange, do the following.

   Configure your ERI settings in EMS Platform Services Admin Portal as follows: 

   1. Navigate to the EMS Platform Services Admin Portal. 

   2. Select Calendaring > Exchange Sync.

      The Exchange Sync section is only available if you have a valid license.

   3. Complete the following Exchange Sync fields :

      To complete the Exchange Sync fields, register a new application for EMS in the Azure Portal under an admin account. You will need the Application ID, Application Secret, and Directory (Tenant) ID from the Azure Portal. See Configure Exchange-to-EMS Sync for ERI for more information.

      Exchange Sync Fields	Description
      Application ID	Enter the Application (client) ID that you copied when you configured Exchange-to-EMS sync for ERI.
      Application Secret	Enter the Application Secret that you copied when you configured Exchange-to-EMS sync for ERI.
      Directory (Tenant) ID	Enter the Directory (tenant) ID that you copied when you configured Exchange-to-EMS sync for ERI.

   4. In the Exchange Sync Configuration section, set your defaults for the Exchange Sync parameters:

      To sync with EMS, reservations created in native Exchange applications—such as Outlook Mobile—must have a Reserve Status, Conflict Status, Cancel Status, Default Group, and Reservation Source (see the following table for details). When Exchange syncs with EMS, the values you have selected for the Exchange Sync parameters will be applied to the reservations.

      Exchange Sync Parameter	Description	Values
      Reserve Status	Select a Reserve Status to assign to reservations created in native Exchange applications, such as Outlook Mobile. Required. All confirmed bookings synced from Exchange-to-EMS will have this reserve status.	All active reserve statuses that have been configured in EMS Desktop Client.
      Conflict Status	Select a Conflict Status to assign to reservations created in native Exchange applications. Required. All bookings in conflict that are synced from Exchange-to-EMS will have this conflict status.	All active conflict statuses that have been configured in EMS Desktop Client.
      Cancel Status	Select a Cancel Status to assign to reservations created in native Exchange applications Required. All canceled bookings synced from Exchange-to-EMS will have this cancel status.	All active cancel statuses that have been configured in EMS Desktop Client.
      Default Group	Select a Default Group to assign to reservations created in native Exchange applications. When syncing from Exchange-to-EMS, if a user does not exist in EMS, the EMS reservation will be assigned to the default group specified in this parameter. Required.	All active groups that have been configured in EMS Desktop Client.
      Reservation Source	Select a Reservation Source to apply to reservations created in native Exchange applications. When reservations are created in native Exchange apps and then synced with EMS, users can view the source of a reservation in EMS Desktop Client by opening the reservation, clicking the Properties tab, and scrolling to the Source field. Customers can use reports to view the number of reservations created using native Exchange applications, such as Outlook, vs. the number of reservations created using EMS modules, such as EMS Web App. Required.	All active reservation sources that have been configured in EMS Desktop Client. (You can create reservation sources in EMS Desktop Client from Configuration > Other > Reservation Sources.)
      Default Organizer Mailbox	Used only by EMS Room Sign App and EMS Kiosk App. If you are using ERI with EMS Room Sign App and/or EMS Kiosk App, provide a default organizer mailbox. You can also set this value on the PAMConfig.aspx page.	Text field. Enter the email for default organizer.

   5. Click Enable Exchange Sync.

      A success message appears and asks you to restart the app pool to initiate sync.

      Enable Exchange Sync is only available after all the required Exchange Sync fields have been completed.

      Once you successfully enabled Exchange sync, Enable Exchange Sync toggles to Disable Exchange Sync.

   6. To initiate sync, restart the app pool.