Configuring Platform Services in the Admin Portal

To begin configuration of EMS Platform Services, navigate to the EMS Platform Services Admin Portal using the Platform Services admin URL—such as https://yourcompany.com/EMSPlatform/admin. From the EMS Platform Services Admin Portal, you can clear the cache, view license and application information, configure authentication methods, manage integration clients, and view logs.

EMS Platform Services Admin Portal includes the following:

ClosedHome

When logged into EMS Platform Services Admin Portal from an EMS Everyday User account with a Web Admin security role, you can perform Administrative Functions, such as Clearing the Cache and viewing License and Application Information.

Clear the Cache

Clear the cache in EMS Platform Services and the EMS Web App whenever parameter changes are made in the EMS Desktop Client.

  1. From the Home tab, click Clear Cache

  2. You will receive a success notification.

ClosedIntegrations

You can manage your EMS Integrations from the Integrations tab. You can create, edit status, delete integration clients, or reset the Client Secret.

Create a New Integration Client

  1. Navigate to EMS Platform Services Admin Portal > Integrations tab.

    A list of integrations and their statuses displays.

  2. Click New Integration Client.

  3. Create a client Name.

  4. In Type, choose either Custom or Partner.

  5. Choose a Role.

    Active is selected by default. This indicates that your integration is active.

  6. Click Enable Logging to view the logs for this integration through the Log section of the Admin Portal.

  7. Configure User Authentication.

    1. To designate the Client as an Everyday User, select Everyday User Authentication Required. If it's not selected, all other options for everyday user authentication will be inaccessible. Header, OpenID, and SAML are configured from the EMS Platform Services Admin Portal.

    2. To allow users to stay logged in, select User Authentication is Persistent.

    3. The default for Token Duration is one day (1440 minutes). To customize this duration, enter the number of minutes.

    4. Choose an authentication method from Everyday User Authentication Method . The Header, OpenID, and SAML authentication settings are applied globally. All Integration Clients with these authentication types selected will default to these settings. Choose one of the following options:

      • EMS Native – authenticates users via Everyday Application User (webuser) credentials stored in the EMS database. No additional authentication configuration is required.

      • Header – if you choose this option, do the following:

        1. Navigate to the Header tab.

        2. Enter the Header Variable.

        3. Click Save Changes.

      • LDAPLDAP Authentication provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS Everyday applications.

      • NTLM – to configure NTLM authentication:

        1. Select Enable NTLM For EMS Everyday User Authentication during installation.

        2. Follow steps of Verifying NTLM Authentication.
      • OpenID – if you choose this option, do the following:

        1. Navigate to the OpenID tab.

        2. Complete the required fields.

      • SAML – if you choose this option, do the following:

        1. Navigate to the SAML tab

        2. Complete the required fields.
  1. Based on client type, EMS Platform Services checks against license count, and current number of "active" integration clients. If license count is 0 or equal to the current number of "active" clients, EMS Platform Services denies the request to add an additional client.

    Set the existing client to inactive or increase your license count via normal licensing processes. See Licensing Requirements.

  2. Click Save Client.

    A Client ID and Secret pair is generated.

  3. Copy and save the Client Secret in a secure location, since this is the only time it appears. If you need to get a new Client Secret, reset it.

Important!

Partner and Custom types can be classified as either of the following client sub-categories: User-based and Non-user based.

User-based: User-based clients (EMS Mobile, EMS for Outlook) need to authenticate as a user to perform any actions. These clients need an integration client role with minimal access to the following API resources (above and beyond public resources):
/authentication
/logging

Non-user based: Non-user based clients (EMS Kiosk, EMS Room Sign App) provide functionality independent of users but also support user-like functionality (such as Check-In or on-the-fly room reservations). These clients need a role with wider access.

Reset the Client Secret

  1. On the EMS Platform Services Admin Portal, navigate to the Integrations tab.

  2. Select the Integration Client.

  3. Click Reset Secret.

Booking Rules

The following booking rules are validated by each of these calls.

Call BOOKING RULES

Create Reservation

Web template must exist (for user)

 

Web template must be associated with the proper rooms

 

Max bookings

 

Date limit

 

Max bookings per date range

 

Max bookings per date

 

Max minutes

 

Twenty four hour max

 

New booking cutoff

 

If VC—must have host/host group

 

Event Type ID must be valid

 

If Exchange, Exchange ID must be valid (reaches out to Exchange)

 

Handle setting conflict status if necessary

Availability

User has template

 

Template is active

 

Must have time zone record for the room

 

24 Hour max

 

Max minutes

 

No bookings in past

 

Inventory (e.g., projector)

 

New booking cutoff

 

Last allowed date

 

Max bookings per date

 

Max bookings before last date

 

Building Hours

 

Blocking bookings

Add Booking

Reservation must exist

 

Template must exist for user

 

Max bookings

 

Max minutes

 

Twenty four hour max

 

New booking cutoff

Edit Booking

License

 

Web template / user

 

Template access ("template mode")

 

Room access (must be in template, and not be the calendaring TBD room)

 

Not crosslisted

 

Status must allow edits

 

Must not be invoiced

 

Must not have a service order in progress

 

Must not have setup/teardown and be in progress

 

Must not be managed space event in progress

 

Must not be a VC in progress

 

New booking cutoff

 

Last Date rules

 

Category new booking cutoff

 

Must not be invited (in calendaring) and be in progress

 

Max bookings

 

Date limit

 

Max bookings per date range

 

Max bookings per date

 

Max minutes

 

Twenty four hour max

 

New booking cutoff

 

Timezone must exist

 

New booking cutoff

 

Last Date rules

 

Max Minutes

 

MaxBookings per day

 

Categories (Allow weekends, category cutoff rules)

 

Setup & Capacity Validation

 

24 Hours Max

 

Building Hours

 

Conflict check

ClosedConnect EMS Web App to EMS Platform Services

Beginning with Update 31, EMS Platform Services is a prerequisite for installing and using the EMS Web App. If you don’t have EMS Platform Services installed in your environment, validate the hardware and software requirements for EMS Platform Services.

If your organization uses the EMS Kiosk App, Google Integration, EMS for Outlook, or SAML authentication, EMS Platform Services is already running in your environment.

  1. Navigate to the EMS Platform Services Admin Portal. 

  2. Select Integrations.

  3. Under Clients, click the EMS Web App link.

  4. Click Reset Secret and copy the generated Secret.

  5. In the web.config file located in the designated folder for your current version of EMS, insert the copied Secret ID into the value field. 

        <add key="platformServicesSecret" value="YourSecretID" />
    Important!

    EMS Cloud Services customers do not need to generate a Secret or insert it into the web.config file (Steps 3 and 4).

  6. Clear the cache in EMS Platform Services

  7. In the EMS Desktop Client, navigate to System AdministrationSettings Parameters Everyday User Applications.

  8. Configure the Platform Services API URL parameter and click Close.

ClosedConnect EMS Desktop Client to EMS Platform Services

  1. Navigate to the EMS Platform Services Admin Portal.

  2. Select Integrations.

  3. Under Clients, click the EMS Desktop link.

  4. Click Reset Secret and copy the generated Secret.

    Important!

    EMS Cloud Services customers do not need to generate a Secret or insert it into the web.config file (Steps 3 and 4).

  5. Clear the cache in EMS Platform Services.

  6. In the EMS Desktop Client, navigate to System Administration > Settings > Parameters > Desktop Client.

  7. Configure the Platform Services Desktop Secret parameter with the secret copied in Step 4.

  8. For versions 220.4 and after, at the end of the Platform API URL, add "/api/v1/".
    In the absence of this string, EMS Desktop Client attempts to execute a client authentication call on the wrong URL path and receives a 404 error.

  9. Click Close.

ClosedRoles

Roles are separate entities responsible for capturing the rules associated with authorizing clients and users. These authentication roles allow users to access specific rest API routes. Roles are applied to clients, both user-based and non-user based.

From the Roles tab, you can create new roles or edit existing roles.

Create New Roles

  1. In the EMS Platform Services Admin Portal, navigate to the Roles tab.

  2. Click New Role.

  3. In Name, enter a unique role name.

  4. From Available Routes, move the routes you want associated to this role to the Selected. Use the Move (>) arrow.

Edit Existing Role Routes

  1. In the EMS Platform Services Admin Portal, navigate to the Roles tab.

  2. Click on the role route you want to edit.

    A list of routes associated with the role appears.

  3. From the Available Routes list, move the routes you want associated to this role to Selected. Use the Move (>) arrow.

ClosedLogs

You can view logs from the EMS Platform Services Admin Portal. You can edit log level details through the default.json file.

There are two types of logs in EMS Platform Services:

  • Global logs – includes logs only for EMS Platform Services.

  • Integration logs – includes logs for a selected integration client.

    To enable logging for any integration client you want to view logs for, choose a Client from the dropdown.

Edit Log Level Details

  1. Navigate to the Default folder that was created during installation.

  2. Open the default.json file for editing.

  3. Under Logging, set the logLevel field to Debug.

ClosedHeader, OpenID, and SAML (Authentication Options)

EMS supports two authentication types for the EMS Platform Services Admin Portal:

  1. EMS Native authentication – An Everyday User with Everyday User Admin Security Template credentials can log into the EMS Platform Services Admin Portal. Verify license information is correctly reflected on the admin home page.

  2. NTLM authentication – During installation of EMS Platform Services, select Enable NTLM For EMS Everyday User Authentication

The following authentication methods are EMS Desktop Client-integration specific:

  • Header authentication – see Portal Authentication Methods.

  • LDAP authentication – the LDAP Authentication method provides single-sign-on capability using your organization’s LDAP environment and can be used in both intranet and internet deployments of EMS applications – such as EMS Web App.

  • SAML authenticationAuthentication with SAML requires you to configure set up for EMS Web App before beginning the authentication flow.

ClosedCreate Auth Keys

Auth Keys are used for SAML certificates.

  1. In the EMS Platform Services Admin Portal, navigate to the Auth Keys tab.

  2. Click New Auth Key.

  3. Provide a Purpose.

  4. Enter dates in Not Before and Not After for when the Auth Key is valid.

  5. Enter a Public Key (PEM).

  6. Enter a Private Key (PEM).

  7. Click Save Auth Key.

ClosedCalendaring

Enable Google Workspace Integration

To provide free/busy statuses of the users within EMS for scheduling meetings, you can use Google Calendar Integration to access the users’ Google Calendars. Everyday Users can see attendee availability directly within the EMS Web App alongside space availability information from the EMS database.

Important!

You must import a license before Enabling Google Workspace in the EMS Platform Services Admin Portal. See Configure Google Workspace Integration.

  1. In the EMS Platform Services Admin Portal, navigate to the Calendaring tab.

  2. Upload the JSON file created for your Google Workspace project.

    To navigate to the file, click Browse . Click Save New Configuration File.

  3. In Service Account Mailbox, enter the mailbox address and click Update .

    As of Update 31, a Service Account Mailbox is required for the Google Workspace Integration. The Service Account Mailbox can be any mailbox within your domain (or your organizational unit if you are not integrating the entire domain). The mailbox does not require special permissions.

  4. Toggle between Enabling and Disabling Google Workspace Integration using the Enable Google Workspace Integration.

    Enable Exchange Sync Integration

    To enable integration for accessing Microsoft Exchange, do the following.

    Configure your ERI settings in EMS Platform Services Admin Portal as follows: 

    1. Navigate to the EMS Platform Services Admin Portal. 

    2. Select Calendaring > Exchange Sync.

      The Exchange Sync section is only available if you have a valid license.

    3. Complete the following Exchange Sync fields :

      To complete the Exchange Sync fields, register a new application for EMS in the Azure Portal under an admin account. You will need the Application ID, Application Secret, and Directory (Tenant) ID from the Azure Portal. See Configure Exchange-to-EMS Sync for ERI for more information.

      Exchange Sync Fields Description
      Application ID Enter the Application (client) ID that you copied when you configured Exchange-to-EMS sync for ERI.
      Application Secret Enter the Application Secret that you copied when you configured Exchange-to-EMS sync for ERI.
      Directory (Tenant) ID Enter the Directory (tenant) ID that you copied when you configured Exchange-to-EMS sync for ERI.
    4. In the Exchange Sync Configuration section, set your defaults for the Exchange Sync parameters:

      To sync with EMS, reservations created in native Exchange applications—such as Outlook Mobile—must have a Reserve Status, Conflict Status, Cancel Status, Default Group, and Reservation Source (see the following table for details). When Exchange syncs with EMS, the values you have selected for the Exchange Sync parameters will be applied to the reservations.

      Exchange Sync Parameter

      Description

      Values

      Reserve Status

      Select a Reserve Status to assign to reservations created in native Exchange applications, such as Outlook Mobile.

      Required.

      All confirmed bookings synced from Exchange-to-EMS will have this reserve status.

      All active reserve statuses that have been configured in EMS Desktop Client.

      Conflict Status

      Select a Conflict Status to assign to reservations created in native Exchange applications.

      Required.

      All bookings in conflict that are synced from Exchange-to-EMS will have this conflict status.

      All active conflict statuses that have been configured in EMS Desktop Client.

      Cancel Status

      Select a Cancel Status to assign to reservations created in native Exchange applications

      Required.

      All canceled bookings synced from Exchange-to-EMS will have this cancel status.

      All active cancel statuses that have been configured in EMS Desktop Client.

      Default Group

      Select a Default Group to assign to reservations created in native Exchange applications.

      When syncing from Exchange-to-EMS, if a user does not exist in EMS, the EMS reservation will be assigned to the default group specified in this parameter.

      Required.

      All active groups that have been configured in EMS Desktop Client.

      Reservation Source

      Select a Reservation Source to apply to reservations created in native Exchange applications.

      When reservations are created in native Exchange apps and then synced with EMS, users can view the source of a reservation in EMS Desktop Client by opening the reservation, clicking the Properties tab, and scrolling to the Source field. Customers can use reports to view the number of reservations created using native Exchange applications, such as Outlook, vs. the number of reservations created using EMS modules, such as EMS Web App.

      Required.

      All active reservation sources that have been configured in EMS Desktop Client. (You can create reservation sources in EMS Desktop Client from Configuration > Other > Reservation Sources.)

      Default Organizer Mailbox

      Used only by EMS Room Sign App and EMS Kiosk App.

      If you are using ERI with EMS Room Sign App and/or EMS Kiosk App, provide a default organizer mailbox. You can also set this value on the PAMConfig.aspx page.

      Text field.

      Enter the email for default organizer.

    5. Click Enable Exchange Sync.

      A success message appears and asks you to restart the app pool to initiate sync.

      Enable Exchange Sync is only available after all the required Exchange Sync fields have been completed.

      Once you successfully enabled Exchange sync, Enable Exchange Sync toggles to Disable Exchange Sync.

    6. To initiate sync, restart the app pool.

 

(missing or bad snippet)