Microsoft 365 integration

This section will introduce the procedure of integration with Microsoft 365.

Functionalities

User can:

Synchronize room from Microsoft 365
Synchronize user / user groups from Microsoft 365
Synchronize Bookings on the room between Microsoft 365 and ONES
User can login to the ONES via Single sign on

Network Connectivity

Network connection diagram

Connect from User Web App, Outlook Add-in, Management Console to Offision Server
- For open the Web App of ONES.
- Port: TCP 443
Connect from Offision Server to Offision Device
- For room display, floor display, etc.. connect to Servers to receive the signal., Offision Server can real-time update data through the https and wss protocol.
- Port: TCP 443
Connect from Offision Server to SMTP Server
- For sending email through the SMTP Server, sending email to the receiver.
- Port: TCP 25, 465, or 587 (depend on the SMTP Server setting)
Connect from Offision Server to Microsoft 365 through Microsoft Graph:
- For synchronize all user and user groups in Microsoft 365, also for Microsoft 365 push information to ONES
- Port: TCP 443 for both inbound and outbound
Connect from User Web App, Outlook Add-in, Management Console to the Microsoft 365
- For user single sign on with OpenID
- Port: TCP 443

Integration

There are 4 integrations type can be chosen. Each of the integration will need different type of Microsoft API permissions. Please select the suitable integration based on the needs and Microsoft API permissions that can be given by your organization.

Integration comparison

	Application permission	Delegated permission	Delegated resource only	Application resource only
Suggestion	Suggest for companies who will use ONES for all staff	Suggest for companies who will use ONES for part of staff/department.	Suggest for companies who have a higher security concern, while ONES will only access resource calendar (will not access user calendar).	Suggest for companies who have a higher security concern, while ONES will only access resource calendar (will not access user calendar).
Functionality	⚪ All Functionality	⚪ All Functionality	🔺 Limited Functionality¹	🔺 Limited Functionality¹
User Action	-	Users have to login ONES once for booking resources	-	-
Required Microsoft API permission	Under `Application permissions`: Calendar.ReadWrite, User.Read.All, Group.Read.All, Place.Read.All	Under `Delegated permissions`: Calendar.ReadWrite.Shared, openId, offline_access	Under `Delegated permissions`: Calendar.ReadWrite.Shared, openId, offline_access	Under `Application permissions`: Calendar.ReadWrite, Place.Read.All

Advanced setting

Cross domain booking behavior

This setting allows users to book the resources in different domain.

Representative email address: This column is for system to via the representative email address to book the resources which is under that domain.

The representative email address needs to under that domain and have permission to book resources. You are suggested to create a dummy account instead of real user account for better management.

Email setting

This setting will use the set email address to send system email.

Sender email address: This column is for system to via the email address to send system. After you set the email address, you also need to set it on "Email setting".

The email address needs to under that domain. You are suggested to create a dummy account instead of real user account for better management.

For functionality comparison of different integration, please refer to FAQ ↩

Functionalities​

Network Connectivity​

Integration​

Integration comparison​

Advanced setting​

Cross domain booking behavior​

Email setting​