This guide assumes you want to authorize Robin's Enterprise app in Office 365 as a Global Administrator who will not also act as the service account. This process allows users to "Sign in with Office 365" without any ongoing connection to a Global Administrator.
- From Robin’s web dashboard, go to Manage > Integrations > Office 365. Select Connect and choose Service Account as the method. In the pop-up window, sign in as a Global Administrator to add Robin as a service principal in your Office 365 tenant. This will allow you to manage user and group assignments directly inside Azure’s admin portal. Refer to the background on Understanding permissions with O365 enterprise apps for more on why the Global Administrator is required for this step.
- Remove the account from Robin, since we only needed it to approve the application initially. This will invalidate the tokens generated for your Global Administrator account, but leave the Service Principal within Azure AD. At this point, Robin has no access to your tenant, but you can now apply the correct settings within Azure.
- Optional: In Office 365’s Azure Admin Portal under “Enterprise Apps”, find Robin and enable “Require user assignment” to require explicit assignment before logging into Robin.
- Enable “Users can consent to apps accessing company data on their behalf” in Office 365, which allows users with required permission to log into their assigned O365 apps. As mentioned above, this setting only applies to applications the global administrator has explicitly authorized already. It does not grant users the ability to create new applications you haven't already approved.
- Assign the service account to the Enterprise App now listed in the Azure Directory within Office 365. Optional: Assign a group policy instead.
- In Robin’s web dashboard, connect the actual service account via Settings > Integrations using the service account method. Accept the authorization prompt when it appears.
- Make sure the service account has impersonation access within Office 365 for the calendars you would like it to manage, then connect the room calendars.
- Calendars are now connected and you’re ready to go. Any employees you assign to Robin in Office 365 will also be able to log in, and those you haven’t explicitly assigned will be rejected by Microsoft when attempting to authenticate.
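
To confirm the tenant ended up in the state these steps describe, the following read-only check lists the Robin service principal, its "Require user assignment" flag, who is assigned, and which delegated grants exist. It is an added example, not part of Robin's documentation or tooling; it assumes the Microsoft Graph PowerShell SDK is installed and that the enterprise app's display name starts with "Robin".

```powershell
# Assumption: Microsoft Graph PowerShell SDK is installed (Install-Module Microsoft.Graph).
# Assumption: the enterprise app's display name starts with "Robin"; adjust for your tenant.
$AppNamePrefix = 'Robin'

# Read-only scopes are sufficient; nothing in this script modifies the tenant.
Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All'

# The service principal created when the Global Administrator approved the app.
$sps = @(Get-MgServicePrincipal -Filter "startswith(displayName,'$AppNamePrefix')" -All)
if ($sps.Count -ne 1) {
    $sps | Select-Object DisplayName, AppId, Id | Format-Table
    throw "Expected exactly one matching service principal, found $($sps.Count)."
}
$sp = $sps[0]

# "Require user assignment" is stored as appRoleAssignmentRequired.
Write-Output ("{0}: user assignment required = {1}" -f $sp.DisplayName, $sp.AppRoleAssignmentRequired)
if (-not $sp.AppRoleAssignmentRequired) {
    Write-Warning 'Sign-in is not limited to users or groups assigned to this app.'
}

# Users and groups assigned to the app (the service account, or the group used instead).
$assigned = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)
if ($assigned.Count -eq 0) {
    Write-Warning 'No users or groups are assigned; the service account cannot be connected yet.'
}
$assigned | Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime | Format-Table

# Delegated permission grants held by the app, and on whose behalf each was consented.
$grants = @(Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All)
$grants | ForEach-Object {
    $who = if ($_.ConsentType -eq 'AllPrincipals') {
        'all users (admin consent)'
    } else {
        (Get-MgUser -UserId $_.PrincipalId).UserPrincipalName
    }
    [pscustomobject]@{
        ConsentType = $_.ConsentType
        GrantedFor  = $who
        Scopes      = "$($_.Scope)".Trim()
    }
} | Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

Run it once after removing the Global Administrator account from Robin and again after connecting the service account, then compare the assignment and grant lists against the accounts you intended to authorize.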