Situational Topology Settings

This page focuses on less frequently items in the "Topology" section of LUCS and depend on your intended usage scope. Topics covered are:

Connection to external Systems (Mailboxes, CRM Applications, Ticketing Systems)
Connection of LUCS via the API to external systems

While not as important as the main Essential Topology Settings chapter, any changes under "Topology" should generally be handled with care as settings may be (re-)used in other parts of LUCS - for example within Call and Mail Services. We recommend to perform changes outside of operation hours and restart the affected LUCS System Components if needed.

"Topology" settings - either for the core LUCS Systems or the optional / situational items explained on this page - are essential and should checked directly after a first-time LUCS installation. We also recommend checking topology settings first after performing an Upgrade.

Tip: To get a better understanding of the LUCS topology, head to the Architecture page.

Credentials

The 'Credentials' page provides the possibility to define and configure users for the LUCS System.

The credentials will be used in → Mailboxes (see next chapter)

On clicking a specific credential in the list, you can access its details:

Topology - Credentials

The 'Credentials' page has the following settings:

Control Name	Description
Username	The username of the created on the Exchange server email account.
Organization Unit	Select Organization Unit to which the credential will be assigned.
Domain	The domain of the created on the Exchange server email account.
Password	The password of the created on the Exchange server email account.

Mailboxes

Mailboxes will be used in LUCS mail services, for mail manager and for specific workflows and features.

Support for Exchange Web Service (EWS) APIs for Exchange Online is being phased out by Microsoft¹ in favor of OAuth 2.0 (via O365 credentials). LUCS features already use Graph API and can be reconfigured. Check in your configuration that "O365" settings are used instead of "Exchange".

AREAS TO CHECK: Mailboxes, Calendars, Voicemail, Topology Settings. Note that "Mail Manager" as an exception will not get further Graph support.

¹https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-api-deprecations-in-exchange-web-services-for-exchange/ba-p/2813925

Precondition: Mailboxes need to be created and configured on Exchange, before defining them in the LUCS System.

Related pages: If you need to use O365/Azure, please perform the Azure Application Registration and then head to the Tenant Setup O365 and Exchange page.

On clicking a specific mailbox in the list, you can access its details:

Topology - Mailboxes

The 'Mailboxes' page has following settings:

Control Name

Description

Account

The full email account created on the Exchange server.

Organization Unit

Organization Unit to which the credentials will be assigned.

O365 Tenant

The O365 Tenant on which the mailbox is created.

Exchange Tenant

The Exchange tenant on which the mailbox is created.

Credential

The username of the email account created on the Exchange server.

Default Opening Hour value

Default state of mailbox selected from a list of categories defined on CI server.

Instead of Exchange you can also configure LUCS to use internal calendars for Opening Hours. The entries will be available when configuring and adding mail services.

Use Impersonation

Option to allow LUCS to use impersonation and access a shared calendar (instead of using the built-in Opening Hours calendar).

Exchange On-Prem (EWS)

Exchange Online (MS Graph)

An impersonated account is added in Exchange to a group with 'ApplicationImpersonation' role.

To use an impersonated account:

select it from → 'Credential' drop down list. → (Credentials are described in the previous chapter)
1. 'true' to use an impersonated account instead of original one.
2. 'false' to use original account.

Supported with LUCS V3.7. Refer to Azure Application Registration → Access Permissions

Precondition: If you want to use shared Exchange Online Calendars to you will need an additional delegated permission:

Permission	Type	Description
Calendars.Read.Shared	Delegated	Read user and shared calendars

To configure a user account to access a shared mailbox (calendar):

Configure the user in the → Credentials (see previous chapter)
Head to "Mailboxes" and create a new account
Ensure the "Account" name of the user points to the address of the correct calendar
Configure the shared mailbox (O365 Tenant), and select the previously configured credentials.
See example below:
Make sure the "Use Impersonation" checkbox is enabled

For the shared calendar to take effect, make sure to select it within the General Service Settings > Opening Hours Box.

Power BI Settings

If you are not using Power BI for Historic Reporting you can skip this section.

Note that fields described in the table below are all optional to be filled in the UI until at least one field is filled in. Afterwards a validation will require you to fill in all fields.

These settings are directly related to Historic Reporting. Read our Introduction to Power BI if you want to use this feature. The values are used to connect our BI Reporting Data Evaluation Template Use to the database.

Once first productive data has been gathered, ensure to read the Managing BI User and Data access chapter to learn how to assign users to Reporting roles.

BI System Settings

For this step you need (depending on your configuration):

A BI Azure Application registered.
An On-premises data gateway set up.

...so you can retrieve the necessary URLs, IDs and App Secret from your Tenant.

Go to Configuration > Topology > System Settings > "Power BI Configuration" section

Topology Power BI Configuration

Fill values as described from the preconditions. The values for Power BI URL, Scope URL and Row Level Security Role can be considered "static" and we therefore suggest our customer-site Administrators to configure as follows:

Setting	Value	Comments
POWER BI URL	https://api.powerbi.com/	Can be considered "static" (as defined by Microsoft)
AUTHORITY URL	https://login.microsoftonline.com/{TENANT ID}	Partially static only. Your TENANT ID value needs to be retrieved upon Azure BI Application registration
SCOPE URL	https://analysis.windows.net/powerbi/api/.default	Can be considered "static" (as defined by Microsoft)
APPLICATION ID	5e4bcbaf-dafc-4201-a760-fd23d13c56b3 ← example, put your value	value collected on application registration
CLIENT SECRET	~2-31vCivgB_9JGwgUS_dOybM3GSJMCC4M ← example, put your value	value collected on application registration
ROW LEVEL SECURITY ROLE	RowLevelSecurity	(Has to be set up on PowerBI itself) Can be considered "static" , our suggestion is to leave the default value.

BI OU Settings

For this step you need (depending on your configuration):

A configured BI Workspace, with...
BI Reports uploaded and hosted as an URL.

... so you can retrieve the Workspace and Report ID for your settings below.

How to find these IDs? You can retrieve the ID when opening your Azure-Hosted Power BI report and checking your browser's address bar:

Go to Configuration > Organization Unit Settings

Organization Unit Power BI Configuration
Select your Organization Unit that should be allowed access to an embedded report.
Fill values as described from the preconditions:
Setting
Value
Comments
Workspace ID Unique ID Generated from BI Reported Hosting
Report ID
Unique ID
Good to know
- Different Organization Units may have a different IDs each.
- Values configured on parent Organization Unit are also applied to nested entries.
- All users in the related OU will need Reporting permissions in order to see the reports.

API Authentication Tokens

Authentication tokens are required for usage of the LUCS API. Please read the API Setup and Preconditions

The 'Authentication Tokens' page is accessible on Settings -> Topology section -> Authentication Tokens:

API Authentication Token

The 'Authentication Token' page contains the following settings:

Control Name	Description
Name	Token name for later identification.
Description	Short information about token.
Token	Unique number generated by the system. This field is not editable. A new key can be generated upon clicking 'Generate New Token' button. Be careful when generating & saving a new key for EXISTING API entries. As you "Save" the key entry you will render the previously existing token invalid. LUCS will not recognize the previous key anymore and cease to operate with any external systems that might have used the previous token. → Add a new entry instead by using the "+Add" button.
Expiration Date	Optional tokens expiration date A warning icon is displayed for already expired tokens.

Service Now

When using Service Now, additional configuration is required outside of the page described below. Please read the related chapters:

This setting relates to the "Get Caller Information" activity located in the Custom Workflow Elements while editing your Workflow Structures.
The Configuration is applied in the Service Workflow Configuration under "External Applications"

Get Caller Information WF Activity

Service Now Configuration

Control Name	Description
Name	Clear Name of the Configuration item
Organization Unit	Organization Units which have access to this configuration.
Description	Additional text to describe the config
Account	The username (e.g. like https://dev*service-now.com/)
Password	Password for the user
API Table URL	URL is in the form of: https://{snowinstance url}/api/now/table/
Request Timeout	Time to wait for the completion of the request If 0 will wait indefinitely May stall your workflow.

Zendesk

When using Zendesk, additional configuration is required outside of the page described below. Please read the related chapters:

Related Custom Workflow Elements ("Create CRM Ticket" Activity") while editing your Workflow Structures.
The Zendesk Configuration is applied in the Service Workflow Configuration under "External Applications"
Use Case: Create and open Zendesk Ticket in AA

Zendesk Configuration

Control Name	Description
Name	Clear Name of the Configuration item
Organization Unit	Organization Units which have access to this configuration.
Description	Additional text to describe the config
Account	Existing Zendesk account that is required to login to Zendesk site.
Password	Password to verify Zendesk account.
OAUT Token	Token to authenticate with the Zendesk Server
API Token	API tokens that is generated in Zendesk and used to as part of 2-factor authentication for App integration
API URL	URL to your Zendesk site.
Locale	Locale that is used for your Zendesk site _{→ Also see: https://en.wikipedia.org/wiki/Locale_(computer_software)}
OAUTH Token	The OAuth Token authenticates all your application’s API requests to Zendesk. It is generated by Zendesk during registry of your application.
Request Timeout in seconds	Time to wait for the completion of the request If 0 will wait indefinitely May stall your workflow.

Setting	Value	Comments
Workspace ID	Unique ID	Generated from BI Reported Hosting
Report ID	Unique ID