Introduction
In order to configure Synergy SKY with the Google Calendar integration, your Google Workspace environment must be prepared. This is done through the following 4 steps:
- Create a Google Cloud Platform Project or use an existing project
- Enable three distinct APIs and Services
- Create a service account or use an existing service account. This account must be given the correct permissions. A private key must be generated and copied to the JOIN server.
- Appropriate Calendar Access must be given to the Service Account via the Google Workspace Domain
Prerequisites
- Google Calendar Resource(s)
Configuration Reference
- Integration Settings
Step-by-Step Guide
Configuring the Google Cloud Platform
A Google Cloud Console Project is required in order for Synergy SKY to be able to read calendar resource accounts, user accounts and also have access to APIs that enable the Synergy SKY integration.
Create a Google Cloud Platform Project or use an existing Project. The Project will be used for the API integration as well as for the Service Account.
Logging into the Google Cloud Platform console:
- Browse to the following URL: https://console.cloud.google.com/iam-admin/serviceaccounts
- Log in with your admin user account to manage your Google cloud console.
Creating a Project
(Skip this section if you already have a project you want to add this account to.)
Note: on some occasions, Google fails to create the project and as such, sometimes you may have to create the project twice
To create new Google Cloud Console project:
- Select IAM & Admin
- Click the 'Create' button
- Fill in your project name, i.e. 'SynergyJOIN'.
- Select Create
Choosing an Existing Project
Follow these steps if you already have existing projects you would like to use for this project:
- Click on the Project Drop down arrow at the top left corner and you will be presented with the 'Select a Project Window'.
- Select your desired project and click 'Open'
Enabling API's and Services
You will have to enable API's to work with the project you have created. The API's you will have to enable are Google Calendar API, GMail API & Admin SDK.
- Google Calendar API - To allow reading and updating resource calendars
- GMail API - To allow sending email
- Admin SDK - To allow listing out current available resources from the configuration tool
You have to enable one API at a time.
- Go to the Menu, Select APIs & Services > Dashboard
- Select 'Enable APIs and Services'
- You should now be presented with the API Library
- You will have to search for the APIs from this screen.
- First, Search for 'Google Calendar API'
- Select the 'Google Calendar API
- Click Enable
- Once you have found this API, you will then have to perform a new search for GMail API
- Select Enable for the GMail API
- Once you have found this API, you will then have to perform a new search for Admin SDK API
- Select Enable for the Admin SDK API
Creating the Service Account
- Select IAM & Admin and Choose 'Service Accounts'
- Enter a Service Account Name and select Create
- Select the role for this service account. Resource Manager > Organization Administrator. This will allow the service account to manage the meeting room resources.
- Once you have selected the role, Click the 'Create Key' Button.
Create a Private Key for Synergy SKY
- On the next screen, choose the JSON radio button and click 'Create'.
A file will be downloaded to your disk, this is your authentication information to be used by the Synergy SKY software.
- Upload this file when you are adding the Google API connection:
- Keep a secure copy of this file, as a new service account is required to be created if its lost.
- Once you are have moved the file to the correct location and click 'Done' you will be presented with a screen similar to the below with your newly created service account visible in the list
Enable Service accounts to access Calendar Resources
In order to enable Service accounts, find the Service account ID for the service account at https://console.cloud.google.com
- Select IAM & Admin and Choose 'Service Accounts'
- Click on the service account and copy the unique ID on the following Service account details page. You will need this ID for the next step.
An Administrator of the Google Workspace domain must complete the next steps
Google Admin Console
- Browse to the Google Admin Console https://admin.google.com
- Select Security from the list of controls. If “Security” is not listed on screen, select MORE CONTROLS” from the grey bar at the bottom of the page to reveal.
Note: If no controls are listed, make sure you're signed in as an administrator for the domain.
- Select API controls from the list of options
- Select 'MANAGE DOMAIN WIDE DELEGATION' in the Domain wide delegation section
- Click 'Add new' and enter the service account's Client ID or Service account ID (which we copied in the previous step).
In the OAuth scopes field enter this list of scopes:
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
- To populate Available Rooms in the JOIN config tool
https://www.googleapis.com/auth/calendar.readonly
- To allow JOIN to access room calendars enabled in JOIN
https://www.googleapis.com/auth/gmail.send
- To allow JOIN to send notifications to its administrators as well as dial-in instructions for certain workflows (e.g. one-time VMRs).
https://www.googleapis.com/auth/calendar
- For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also must have a write calendar access for those rooms.
https://www.googleapis.com/auth/calendar.events
- For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also must have a write calendar access for those rooms. If no body updates are required and read-only priviledges ares sufficient, then this API scope can be used as a minimum: https://www.googleapis.com/auth/calendar.events.readonly
Note: All of the scopes are required for the integration of Synergy SKY with Google Workspace. It is not possible to exclude some of the scopes as this will cause parts of the integration not to work
You can copy and paste the below api scopes as they are into the 'OAuth scopes' field box
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly, https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/gmail.send,https://www.googleapis.com/auth/calendar.events
Click Authorize.
The outcome should look like the below example:
Service-act-on-behalf-of Email
- Browse to the dashboard and select 'Users'
- In the Users section, select the user that you would like to use as the 'service-act-on-behalf-of Email' in Synergy SKY
- Scroll down to the 'Admin roles and privileges' section and verify that the user you would like to use has the role of 'Super Admin' enabled.
- Once you have verified this, copy the email address from this user and paste this into the 'service-act-on-behalf-of email' text button in the 'General Settings' tab in the Synergy SKY configuration tool.