Versions Compared

Old Version 11

changes.mady.by.user Unknown User (5a2a74cf6877a040f0720045)

Saved on

compared with

New Version Current

changes.mady.by.user Petri Tolppanen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

This page describes how to install

Optimaze

EG Worksense to your

Organization’s

organization’s Microsoft 365 account as

an ‘Azure Enterprise Application’.

an Entra ID Enterprise Application.

Table of Contents

General

Azure

Microsoft Entra ID Enterprise Applications

Microsoft allows 3rd party developers to create applications that can be easily integrated to their own solutions and use Microsoft identity platform to provide secure sign-in and authorization. These 3rd party applications are registered in Microsoft’s platform. Optimaze Worksense application

(App)

is registered under

Rapal’s Azure AD

our Entra ID tenant (Developer’s tenant).

You can read more information about

M365

Microsoft 365 Integrated Apps from Microsoft’s

documentation

documentation here and about Microsoft identity platform here.

Why install Worksense as an

Azure

Entra ID Enterprise Application?

Optimaze

When Worksense is installed as an

Azure

Entra ID Enterprise Application your organization’s employees can:

  • Sign in to Worksense with their personal Microsoft work accounts

  • Use the booking feature to quickly find and book meeting spaces

Global

Admin

administrator

Why a Global

Admin

administrator is needed in the installation?

In

MS

Microsoft 365 only

a ’Global admin

Global administrator can install

‘Azure

Entra ID Enterprise

Applications’

Applications. This prevents any user from granting apps access to sensitive parts of your configuration. You can read more from Microsoft documentation about installing an Integrated App, here.

Optimaze

EG Worksense does not need to

work ’Global admin’

work Global administrator privileges, it is only required in the installation. Also, Worksense does not gain the abilities of

a ’Global admin’

Global administrator, similar to how creating a new user mailbox as

the ‘Global admin’

the Global administrator does not transfer power to the user account simply because an admin is needed to complete the set up step.

Required

Permissions

permissions by Worksense

Technically EG Worksense is split into two separate Entra ID Enterprise Applications, Optimaze Worksense and Optimaze Worksense Calendar Integration. The first one handles only the Single Sign-On and second one only reading and writing calendars in mailbox. If you use only the integration for Single Sign-On, you do not need to install the Optimaze Worksense Calendar Integration app.

Permissions required for using Single Sign-On

Permission

Type

Description

Worksense feature using permission

Sign in and read user profile

Delegated

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

User’s name and email are saved into

Optimaze

EG Worksense. These are always read when the user signs in and will be updated to EG Worksense if they change.

Sign in with Microsoft

,

The

(the permission is not used if you do not enable the feature

.

)

Permissions required for integrating Microsoft 365 bookable resources with EG Worksense

Permission

Type

Description

Worksense feature using permission

Read and write calendars in all mailboxes

Application

Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

EG Worksense needs read and write permissions to all calendars in order to use the booking features from lobby screens as lobby screen is not an actual user.

Booking features

,

The

(the permission is not used if you do not enable the feature

.

)


Note
Optimaze

EG Worksense has access to all calendars in your organization’s

M365

Microsoft 365 account with

the ‘Read

the Read and write calendars in all

mailboxes’

mailboxes application level permission. More information regarding the permissions can be found on

Microsoft’s

Microsoft Graph documentation, here.

Unfortunately we

We cannot restrict the access from

Optimaze Worksense’s

the Worksense end

the access

. It has to be

restricted

done from the Microsoft

M365

365 side. If you

have the

need to restrict

the use

usage of certain calendars, you can

do that by scoping

scope the application permissions to specific

exchange online

Exchange Online mailboxes. See Microsoft instructions here.

Info

Through

Optimaze

EG Worksense, users can access only those calendars that have been entered into the system.

 

See

instruction

instruction here how the calendars are added. Also the booking feature has to

be

be enabled

, see instructions here

.

Installing

Optimaze

EG Worksense as an Enterprise Application

Info
Optimaze

An EG Worksense account can be linked to only one

Azure AD

Entra ID tenant at a time.

Info

You can install EG Worksense manually

Optimaze Worksense

in

Azure AD

Entra ID. This requires

work by

assistance from our support and must be agreed separately.

When setting up EG Worksense the redirect

uri

URI is: https://worksense.optimaze.net/signin-oidc and you need to provide us your

Azure AD

Entra ID tenant ID.

You must have

a ’Global admin’

Global adminrole in

M365

Microsoft 365 to continue

and ‘

and Administrator

permissions’

role in

Optimaze

EG Worksense.

If

 If you do not have an account with the

‘Global admin’ role

Global admin role you need to contact  your organization’s IT department.1.

  1. Log in
to Optimaze info
  1. to EG Worksense on your web browser
2. Navigate to the ‘Administration’ tab and click ‘Office 365’ under integrations
  1. Click Administration
    • If the
tab
    • navigation bar option is not visible
please
    • , contact your organization’s
Optimaze
Support Request

3. Click the ‘Connect’ button

  1. Click Microsoft 365
  2. Click the Connect button. This will start Microsoft’s Oauth flow to install the app.
4.
  1. Enter
your ‘
  1. your Global admin
’ account
  1.  account credentials
info
    • If you get “Need admin approval”, it means the account you used is not
a ‘Global Admin’ in M365
    • Global Admin in Microsoft 365. You need to log in using a different account or have
your  IT  department 
    • your IT department temporarily change your user permissions in
M365
    • Microsoft 365.
5. Optimaze
  1. EG Worksense will ask for permissions to access your organization’s
O365
  1. Microsoft 365 data.
Click ‘Accept’ to proceednote
  1. Take your time to
read what permissions are required to
  1. fully understand them
Take your time to read
  1. what permissions are required
to fully understand them Info
  1. . Why does
Optimaze
  1. EG Worksense need the permissions? For certain features to work
Optimaze
  1. , EG Worksense requires
these 
  1. these permissions. You can see for more details
on this page
  1. above under the ‘Required Permissions by Worksense’ section.
  2. Click Accept to proceed
6.
  1. You are good to go!
Info

You can check that Optimaze Worksense is visible from your M365 account’s app overview, here

7.
  1. Now you can:
    1. Enable sign in with Microsoft
    2. Enable
O365
    1. Microsoft 365 booking feature
.
Image Removed

Image Removed

Image Removed