Enterprise Connect – Guide for System Administrators
Enterprise Connect Overview
Enterprise Connect from Bookafy allows an organization to authorize a software provider access calendars on their company domain. Using Enterprise Connect the administrators of that domain retain full centralized control over which organizations can access which calendars and specifically what data in those calendars will be shared.
Enterprise Connect allows organizations to benefit from the efficiency of connected calendars without compromising on security or control.
Enterprise businesses around the world benefit from the secure calendar connectivity provided by Bookafy Enterprise Connect.
CALENDAR PROVIDER SUPPORT
Enterprise Connect works with:
- G-Suite (Google Apps for Business)
- Microsoft Office 365
- Microsoft Exchange (all versions 2007 SP1 or later)
HOW BOOKAFY WORKS?
When you grant a software provider access to your calendars using Bookafy, Bookafy acts as a broker of that data between your calendar service and the software provider, only granting the software provider access to the data you have agreed to share.
When a software provider is requesting access to your calendars using Bookafy, they specify the specific level of access to calendars that they would like using Scopes. Once you’ve agreed to this Bookafy will ensure that the only data the software provider will see and the actions they can perform are those which have been agreed to.
You can see the request scopes listed when you go through the process of connecting your calendar service.
The possible scopes are:
Scopes for Accessing Calendar Accounts
- manage linked accounts on your domain
- manage linked resources on your domain
- manage existing calendar events for accounts on your domain
- manage existing calendar events for resources on your domain
Scopes for data that can be accessed and actions which can be performed against each calendar account
- create new calendars
- create calendar events
- delete events that this app creates
- list your calendars
- read your account details
- read events in your calendars
- read free-busy information from your calendars
- change the participation status for an event
Bookafy takes the security of your calendar data seriously. All communications with your calendar service and with the software providers are performed via HTTPS utilizing 128-bit encryption.
All credentials and calendar data within our systems is encrypted at rest with the AES-256-GCM algorithm using a unique, randomly generated salt for each set of sensitive data. All stored data is encrypted at rest.
Bookafy has strict processes for its internal security and commissions regular 3rd party penetration testing.
The Bookafy service is continuously monitored for availability and utilisation by internal and external tools. Current and historic status reports are available upon request.
Enterprise Connect has three types of account:
- Service Account – allows for applications to request access to other account types.
- User – an account linked to a user’s calendars.
- Resource – an account linked to a resource (Room or Equipment) calendar.
Bookafy uses the OAuth 2.0 standard as the means for applications to request access to any of these accounts, each account receives its own set of credentials in the form of OAuth 2.0 access and refresh tokens. The access tokens for Service Accounts are shorter-lived due to their more sensitive nature.
The role of the service account is twofold, firstly this establishes the set of permitted scopes an application can request (see Scopes) and secondly to initiate the authorization process for other account types.
More information on our security policies and processes can be found in the Bookafy Security White Paper
CONTROLLING ACCESS USING THE ENTERPRISE CONNECT DASHBOARD
Once connected, you can use your Enterprise Connect Dashboard to control which software providers can access your calendar service using Bookafy.
From here you can review and revoke access to applications, revoke access to profiles and relink any profiles.
GRANTING ACCESS TO A SERVICE PROVIDER USING ENTERPRISE CONNECT
Your software provider will provide you with a link to follow to connect your calendars with their service. This connection process is hosted by Bookafy and it allows us to gain access to your calendar service and broker that access out to your software provider.
Follow the steps in this connection process to connect your calendar service to the software provider.
Step 1: Choose your calendar service
Microsoft Exchange and Microsoft Office 365 users:
Step 2: Configure your service
First create a user with ApplicationImpersonation role – details on how to do this can be found here: https://msdn.microsoft.com/en-us/library/office/dn722377(v=exchg.150).aspx
This role can be assigned to allow access to a subset of users and or the entire organization as desired.
Then click Connect and enter the details of the new user with the Application Impersonation role
Step 3: Login to your calendar service – Office 365
Step 3: Login to your calendar service – Exchange
Google Apps for Business users:
Step 2: Configure your service
To configure access to calendars hosted by Google an administrator of your Google Apps domain will need to first install the Bookafy application for Google Apps
Please note if a non-administrator user attempts to install the app this will be rejected.
Step 3: Login to your calendar service
Login as normal with your Google administrator account
Get stated with a 30 day trial. Our staff is available to set up your team at no extra cost.