Azure AD/Office 365 integration allows users to log in using their Azure AD credentials and provides access to calendars for both people and meeting rooms. To add a new Azure AD/Office 365 Integration Provider choose the menu option Preferences -> Integrations.
Adding an Integration Provider
Click the + to add a new Integration Provider or click one that has been created previously to edit.
Choose an integration provider type. Exchange integrations are used solely for Microsoft Office calendar synchronisation, but Office 365 integrations also provide users with the option to log in to OfficeMaps using their Azure AD linked username and password.
When adding a new Azure AD/Office 365 Integration, you will be presented with a number of options. Complete them as described below. Please note you can initially only modify the values specified in this section before saving the Integration Provider.
Name: The name of the Integration Provider that can be easily identified.
User Groups: This is the name of an existing Windows Group/s to source users from (but not an Organisational Unit).
If more than one group is to be specified, separate with a semi colon. eg Accounts;Management.
These users will be added to the list of People in OfficeMaps.
Use for Authentication: If this option is selected, users will be able to log in to OfficeMaps using their Azure AD/Office 365 username and password.
Make this the default Authentication Provider: Selecting this option will make the Azure AD/Office 365 login method the default for users connecting to OfficeMaps. If this is the first Integration Provider being set up for this instance it is essential that this option be checked.
Office 365 Calendar Access
Allow access to calendars: Clicking on this icon will show the user's calendar linked to Office 365.
Make this the default calendar provider: Selecting this option will make this Integration Provider the default for viewing users' calendars.
You cannot modify any other buttons on this screen until the Integration Provider has been saved. Please ensure that you have saved the Integration Provider before continuing.
Important: To enable Azure AD for login, it must also be made the default login method.
To set an instance's default login method, this setting will need to be selected in Preferences->People under the section What is the default login method for all users?
Once an Integration Provider has been saved, it needs to be authorised so that it can connect to OfficeMaps. Authorise Options will only be enabled once the provider has been saved. An Azure AD Administrator is required to authorise the OfficeMaps Applications.
Each of the three Authorise links will redirect to a Microsoft Login as below in order to accept the required consent:
Authorise OfficeMaps Web
Click this link to allow Azure AD / Office 365 users that exist in OfficeMaps to log in using their own credentials.
Authorise OfficeMaps Mobile
This link enables Azure AD / Office 365 users that exist in OfficeMaps to login to the Mobile Application (Android, iOS) using their own credentials. This link is provided for situations where people have been blocked from providing consent themselves.
Authorise Access for AD Sync
This link grants the necessary permissions to OfficeMaps to perform the Synchronisation process. OfficeMaps needs to be able to locate the specified Group, retrieve its members and Add and Update OfficeMaps users based on the fields selected to be synchronised, including profile images. An additional Read Calendar permission is also requested. This will only be used if both the Calendar options are selected and the calendar view option is enabled for people/resources (the default is no access).
It is possible to allow login permissions and not use AD Sync, but all users will need to be created or imported manually and their username must match their Azure AD credentials.
For Hosted instances, these settings will generally not require changes. If your instance is hosted rather than on-premise, please do not make changes in this section without advice from OfficeMaps.
The original AD Sync required each Instance to create an Application in their Azure Ad tenant, configure permissions and manage an application key. This will still be required for Self-Hosted installations.
Tenant ID: This is the Azure AD tenant ID. It is required to identify the tenant and confirm that it matches the identity returned from Microsoft during the login process.
Domain: The default domain used for Office 365, and is generally the default email address domain. The format for this field is domain.com .
Adding Users through AD Sync
To ensure that users are added to OfficeMaps through this Azure AD Integration Provider, this option will need to be chosen in Preferences->People under the section How are new people added? More information about this is available in the article Options for Adding New People
. Be aware of the options that control behaviour in OfficeMaps when the user is either removed from the Integration Provider's user group or their account is disabled.