Getting start
ONES provide 4 kinds of integration method for the user single-sign-on purpose, which can help you to easily manage the system and users through the integration. Which integration should be chosen depends on the network security, the level for permission you grant to ONES and also the service your organization used.
Of course, the more functionality & feature to be included in ONES, a higher level of access right is required to be granted to ONES.
We recommend users who only use hot-desk and visitor management modules can use Active directory to avoid security concerns on authentication of access right to ONES.
Comparison of different integration
Microsoft 365 | Exchange Server | Active Directory with LDAP | Single sign on Only | |
---|---|---|---|---|
Single sign on mechanism | OAuth | ADFS | ADFS / LDAP | ADFS |
Support Outlook add-in | Full function | Full function | Partially support | Partially support |
Show Offision's Bookings in Outlook calendar | Yes | Yes | Yes 1 | Yes 1 |
User account synchronization | Microsoft Graph | Exchange Powershell | LDAP | No synchronization |
Synchronize (2-way) User's appointment to Exchange 2 | Yes | Yes | No | No |
Synchronize (2-way) Exchange Room's appointment to Exchange | Yes | Yes | No 3 | No 3 |
Allow create booking in Outlook directly 4 | Yes | Yes | No | No |
Permission requirement | Azure Active Directory Application with Microsoft Graph User.Read.All , Place.Read.All ,Group.Read.All and Calendars.ReadWrite permissions | Service account with ApplicationImpersonation and View-Only Recipients permission | Service account with LDAP ReadOnly permission | No permission requirement |
Pros | Fully integration with Microsoft365, can reserve the resource through outlook directly, and create Teams meeting | Fully integration with Exchange server, can reserve the resource through outlook directly | No permission & access need for Exchange server | No access permission require, no access require to Active directory |
Cons | High user access permission require | High user access permission require | Cannot use existing room / equipment in Exchange server | Cannot use existing room / equipment in Exchange server. User account will be created only when the user first time login, difficult to pre-assign the booking permission to user |
- The system can allow create booking in Outlook directly without support of Outlook add-in↩
- If not using Exchange server's Rooms / Equipment, we suggest not to create / disable all existing Rooms and Equipments in Exchange server to prevent user get confused. ↩
- Not only the Booking with the room / equipment, all appointment in user's Outlook will be synchronized into Offision↩
- Offision server will send email with iCal to organizer and attendees, the bookings information will import into their Outlook calendar automatically↩