Versions Compared

Old Version 15

changes.mady.by.user Petri Tolppanen

Saved on

compared with

New Version Current

changes.mady.by.user Petri Tolppanen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

This page describes how to install

Optimaze

EG Worksense to your

Organization’s

organization’s Microsoft 365 account as

an ‘Azure Enterprise Application’

an Entra ID Enterprise Application.

Table of Contents

General

Azure

Microsoft Entra ID Enterprise Applications

Microsoft allows 3rd party developers to create applications that can be easily integrated to their own solutions and use Microsoft identity platform to provide secure sign-in and authorization. These 3rd party applications are registered in Microsoft’s platform. Optimaze Worksense application

(App)

is registered under

Rapal’s Azure AD

our Entra ID tenant (Developer’s tenant).

You can read more information about Microsoft 365 Integrated Apps from Microsoft’s documentation here and about Microsoft identity platform here.

Why install Worksense as an

Azure

Entra ID Enterprise Application?

When

Optimaze

Worksense is installed as an

Azure

Entra ID Enterprise Application your organization’s employees can:

  • Sign in to Worksense with their personal Microsoft work accounts

  • Use the booking feature to quickly find and book meeting spaces

Global

Admin

administrator

Why a Global

Admin

administrator is needed in the installation?

In Microsoft 365 only

a ’Global admin

Global administrator can install

‘Azure

Entra ID Enterprise

Applications’

Applications. This prevents any user from granting apps access to sensitive parts of your configuration. You can read more from Microsoft documentation about installing an Integrated App, here.

EG Worksense does not need to

work ’Global admin’

work Global administrator privileges, it is only required in the installation. Also, Worksense does not gain the abilities of

a ’Global admin’

Global administrator, similar to how creating a new user mailbox as

the ‘Global admin’

the Global administrator does not transfer power to the user account simply because an admin is needed to complete the set up step.

Required

Permissions

permissions by Worksense

Technically

Optimaze

EG Worksense is split into two separate

Azure

Entra ID Enterprise

applications

Applications,

‘Optimaze Worksense’

Optimaze Worksense and

‘Optimaze

Optimaze Worksense Calendar

Intergration’

Integration. The first one handles only the Single Sign

in

-On and second

on

one only reading and writing calendars in mailbox. If you use only the integration for Single

Sing

Sign-On, you do not need to install the

‘Optimaze

Optimaze Worksense Calendar

Integration’ app

Integration app.

Permissions required for using Single Sign-On

Permission

Type

Description

Worksense feature using permission

Sign in and read user profile

Delegated

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.

User’s name and email are saved into EG Worksense. These are always read when the user signs in and will be updated to EG Worksense if they change.

Sign in with Microsoft

,

The

(the permission is not used if you do not enable the feature

.

)

Permissions required for integrating Microsoft 365 bookable resources with EG Worksense

Permission

Type

Description

Worksense feature using permission

Read and write calendars in all mailboxes

Application

Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

EG Worksense needs read and write permissions to all calendars in order to use the booking features from lobby screens as lobby screen is not an actual user.

Booking features

,

The

(the permission is not used if you do not enable the feature

.

)


Note
Optimaze

EG Worksense has access to all calendars in your organization’s

M365

Microsoft 365 account with

the ‘Read

the Read and write calendars in all

mailboxes’

mailboxes application level permission. More information regarding the permissions can be found on

Microsoft’s

Microsoft Graph documentation, here.

We cannot restrict the access from

Optimaze Worksense’s

the Worksense end. It has to be done from the Microsoft 365 side. If you need to restrict

use

usage of certain calendars, you can scope the application permissions to specific

exchange online

Exchange Online mailboxes. See Microsoft instructions here.

Info

Through

Optimaze

EG Worksense, users can access only those calendars that have been entered into the system. See instruction here how the calendars are added. Also the booking feature has to be enabled.

Installing

Optimaze

EG Worksense as an Enterprise Application

Info
Optimaze

An EG Worksense account can be linked to only one

Azure AD

Entra ID tenant at a time.

Info

You can install EG Worksense manually

Optimaze Worksense

in

Azure AD

Entra ID. This requires

work by

assistance from our support and must be agreed separately.

When setting up EG Worksense the redirect

uri

URI is: https://worksense.optimaze.net/signin-oidc and you need to provide us your

Azure AD

Entra ID tenant ID.

You must have

a ’Global admin’

Global adminrole in

M365

Microsoft 365 to continue

and ‘

and Administrator

permissions’

role in

Optimaze

EG Worksense.

If

 If you do not have an account with the

‘Global admin’ role

Global admin role you need to contact  your organization’s IT department.

1.
  1. Log in
to info
  1. to EG Worksense on your web browser
2. Navigate to the ‘Administration’ tab and click ‘Microsoft 365’ under integrations
  1. Click Administration
    • If the
tab
    • navigation bar option is not visible
please
    • , contact your organization’s EG Worksense main user or Submit a
Support Request
  2. Click Microsoft 365
3.
  1. Click
the ‘
  1. the Connect
’ button
  1.  button. This will start Microsoft’s Oauth flow to install the app.
4.
  1. Enter
your ‘
  1. your Global admin
’ account
  1.  account credentials
    Info
      • If you get “Need admin approval”, it means the account you used is not
    a ‘Global Admin’
      • Global Admin in Microsoft 365. You need to log in using a different account or have
    your  IT  department 
      • your IT department temporarily change your user permissions in Microsoft 365.
    5.
    1. EG Worksense will ask for permissions to access your organization’s Microsoft 365 data.
    Click ‘Accept’ to proceed Info
    1. Take your time to
    read
    1. fully understand them what permissions are required
    to fully understand them
    1. .
    1. Why does EG Worksense need the permissions? For certain features to work, EG Worksense requires these permissions. You can see for more details
    on this page
    1. above under the ‘Required Permissions by Worksense’ section.
    2. Click Accept to proceed
    6.
    1. You are good to go!
    InfoYou can check that Optimaze Worksense is visible from your Microsoft 365 account’s app overview, here
    7.
    1. Now you can:
      1. Enable sign in with Microsoft
      2. Enable Microsoft 365 booking feature
    Image Removed

    Image Removed

    Image Removed