- Article purpose: This article describes how the different scopes used on Microsoft accounts can determine certain available features on the Appspace console.
- Business problem: There are some questions around which Microsoft roles are required for Room Booking cards and the Maps module, and why certain scopes are requested.
- Solution: This article will serve to detail which Appspace feature maps to which scope in the Microsoft roles used to link to the Appspace platform.
- Conclusion: Clarity in documentation helps customers better understand the needs and reasons behind the Microsoft roles that Appspace requests.
WHAT’S IN THIS ARTICLE:
Overview
Many of our enterprise customers utilize Microsoft solutions in their IT infrastructure. We have had many questions around which Microsoft roles are required for room booking and for linking map resources, and why certain scopes are requested.
Each customer may have different reasons for allowing or denying access to certain roles on the Microsoft account side, which impacts some Appspace functions.
This guide outlines what Microsoft scopes and permissions are required for integration. The documentation will help to provide more clarity and reasons to customer IT teams about why these specific scopes and permissions are needed.
Integration Points
Appspace has several integration points within the platform where Microsoft solutions such as Office 365 can be linked in order to provide access to calendar resources for room booking and mapping those resources to buildings and floor plans.
There are currently three Appspace features that integrate with Microsoft Office 365:
- Room schedule card
- Schedule board card
- Maps (Locations)
Room Booking Cards
The Room Schedule and Schedule Board cards are directly linked to Office 365 with Microsoft account credentials during the card setup. The credentials are utilized once cards are deployed to devices.Scope: Calendars.ReadWrite.Shared
- Permission level: Non-admin
- Documentation: https://docs.microsoft.com/en-us/graph/api/resources/event?view=graph-rest-1.0
|
Action |
Justification |
API |
|
Create an event |
When booking a room, we will need to call the create event API to create an event for the room. |
|
|
Update an event |
When extending or ending a meeting, we will need to call the update event API to change the timeline for the event. |
|
|
Delete event |
When no one is checking in the room, we will need to call the delete event API |
|
|
Get event |
When displaying the events, we need to get the list of events using the get event API. |
Scope: User.ReadBasic.All
- Permission level: Non-admin
- Documentation: https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
|
Action |
Justification |
API |
|
Get user |
When showing the room information and organizer, we need to use the get user API to show the display name. When booking a room, we need to pass in the room email as the organizer. This is used in conjunction with the calendar event APIs. |
Maps (Locations)
The Maps module connects to Office 365 using an OAuth passport under Integrations. In the current version of the module, a single scope is used with an admin permission level. In the future, we plan to use the scopes utilized by the room booking cards.Scope: Place.Read.All
- Permission level: Admin
- Documentation: https://docs.microsoft.com/en-us/graph/api/resources/place?view=graph-rest-1.0
|
Action |
Justification |
API |
|
Get place |
Request list of rooms/resources via the place API. This is used for searching the rooms during map configuration. |