Configure Impersonation for NetDocuments ndMail
ndMail requires the ability to impersonate users in the Exchange domain to retrieve and file email for subscribed users. Use RBAC (role-based access control) on the Exchange Server to enable impersonation. This section describes how to configure impersonation on Office365/Exchange Online or on-premises Exchange Servers.
Impersonation Service Account
A new account specifically for the ndMail Exchange service account is called the Impersonation service account. When correctly configured with the impersonation rights, this Exchange user account can read emails of ANY user in the Exchange domain. ndMail uses basic authentication with the optional second factor of limiting access to our data center IP address for EWS with an impersonation role assigned, allowing it to impersonate Exchange users to read folders and emails.
1) Via Admin in Office 365:
- Create a new user / service account in Office 365. Consider using firstname.lastname@example.org. Important: The account used as the Impersonation service account needs an Exchange license and its own mailbox. Please send LawTech Partners the credentials for this account – we will need to log in to the inbox.
2) Grant the service account a user impersonation role.
Open the web-based Exchange Admin Center (EAC) of the Exchange Server.
To configure impersonation on Office365/Exchange Online:
- Open Outlook for Office365.
- Sign in as a user with administrative rights.
- Select the app launcher in the upper-left corner, and choose Admin.
- If Admin Centers is not visible, select More, then expand Admin Centers, and select Exchange.
- Choose permissions.
- To create a new administrative role, select the + icon.
- In the Name box, enter a name for your role of “ndMail User Impersonation”.
Optional: Enter a description for the role (ex: Used to authenticate ND accounts to Exchange for ndMail).
- Leave the Write scope as Default.
- Under Roles, select the + icon, then select ApplicationImpersonation and OK to close the Window.
- Under Members, select the + icon, and select the service account you created previously for ndMail.
- Select Save.
- Let LawTech Partners know this has been completed.