Authorizing Robin's enterprise app in Microsoft 365

Connection Guide

We recommend integrating via app when setting up a Microsoft 365 integration, but if you would like greater access control, we do have a service account option.

This guide assumes you want to connect via a service account but need to first authorize Robin's Enterprise app in Microsoft 365 as a Global Administrator that will not also act as the service account. This process will allow users to "Sign in with Microsoft 365" without any ongoing connection to a Global Administrator.

  1. From Robin’s web dashboard, go to Manage > Integrations > next to Microsoft 365, select Connect. 
  2. Select Connect via Service Account as a method. step 2.png
  3. On the pop-up window, sign in as a Global Administrator to add Robin as a service principal in your Microsoft 365 tenant. This will allow you to manage user and group assignments directly inside Azure’s admin portal.
  4. Check the Consent on behalf of your organization box.
  5. Remove the account from Robin, since we only needed it to approve the application initially. This will invalidate the tokens generated for your Global Administrator account, but leave the Service Principal within Azure AD. At this point, Robin has no access to your tenant, but you can now apply the correct settings within Azure. step 4.png
  6. In Robin’s web dashboard, connect the actual service account via Manage > Integrations using the service account method. Accept the authorization prompt when it appears.
  7. Make sure the service account has delegate access within Microsoft 365 for the calendars you would like it to manage, then connect the room calendars.
  8. Calendars are now connected, and you’re ready to go.

Optional:

  1. In the Microsoft Entra admin center, under “Enterprise Apps,” find Robin (SSO + Service Accounts) and enable Assignment required? in the Properties tab to require explicit assignment before logging into Robin. Screenshot 2024-09-18 at 12.52.58 PM.png
  2. Assign the service account to the Robin (SSO + Service Accounts) app under the Users and groups tab. Any employees you assign to Robin in Microsoft 365 will also be able to log in, and those you haven’t explicitly assign will be rejected by Microsoft when attempting to authenticate. 

Articles in this section

Was this article helpful?
3 out of 7 found this helpful
Share