Skip to main content


Eptura Knowledge Center

Provide access and get tenant information

Grant admin consent to the Microsoft admin account from the Token provider app and authorize via the service account. Get the Tenant ID, Organization, and TokenProvider APIKey information and notify Condeco.

About Token administration

In order for Condeco to synchronize with your Exchange room calendars using Exchange Sync, we need to know your Tenant ID, your organization’s domain name, and TokenProvider APIKey.

Follow the steps below to gather this information and to grant the required access to your Microsoft 365 Admin account and Microsoft 365 Service account.

These steps can also be followed to use Microsoft Graph API instead of the historic Outlook Rest APIs.

If consent for Outlook Rest APIs was previously granted, use the same domain to grant consent to Graph API.

Grant Admin Consent

  1. Start the Token app with the appropriate URL:
    1. For a Production/Pilot environment, use
    2. For a UAT/Trial environment, use
  1. Click Grant Admin Consent.
  1.  Enter your Microsoft 365 admin account credentials and check the permissions requested as described in the popup window.  Learn more about the permissions you are accepting.
  2. Click Accept. The Microsoft 365 Tenant Permission Portal is displayed.
  3. Copy the Tenant IDOrganization, and TokenProvider APIKey information by clicking the copy button to the right of each field, and store them somewhere safe.

Copy all values as you will not be able to retrieve them later!

  1. Log out from the token application.
  2. Provide the information copied above to Condeco by your agreed method.

Authorize via Microsoft 365 service account

The Microsoft 365 service account is used by Condeco to manage your calendars and requires impersonation rights to all Exchange room calendars mapped in Condeco.

Ensure the Microsoft 365 admin account has logged out from the Token app before granting this access. Alternatively, use an inPrivate/incognito window to authenticate as the service account.

  1. Start the Token app with the appropriate URL:
    1. For a Production/Pilot environment, use
    2. For a UAT/Trial environment, use
  1. Click Authorize via Service Account and enter your Microsoft 365 Service Account credentials to initiate the OAuth grant process.
  2. The Microsoft 365 Tenant Permission Portal opens and displays the logged-in service account email address, tenant ID, and domain.

During the setup process, the following access to our Token Provider application is granted:

  • Sign in and read user profiles
  • Read and write calendars in all mailboxes

To restrict Condeco to access only specific room mailboxes, use the New-“ApplicationAccessPolicy” PowerShell cmdlet to configure access control.  Learn how 

The Condeco Exchange Sync service uses Graph API to connect to your Microsoft 365 Exchange Service. Whilst permissions requested during authorization are for ‘all mailboxes’ Graph APIs can be used to limit access to specific mailboxes.

Learn more from Microsoft

What happens next?

After granting consent, send the following information back to Condeco via the Condeco Support portal

  • Service account username
  • Tenant ID
  • Organization
  • TokenProvider APIKey
  • Email address for one room mailbox from your room list

This information is necessary to complete the synchronization between your Condeco platform and your Microsoft Exchange service.

When Condeco has completed the onboarding process, log in to Condeco as a Global Admin and map your Exchange rooms on the Exchange room mapping page. Learn how


Exchange Sync home