Google Cloud Platform Configuration
In order to install Synergy Sky JOIN with Google Calendar integration, the G Suite environment must be prepared. This is done through the following 4 steps
1. Create a Google Cloud Platform Project or use an existing project
2. Enable three distinct APIs and Services
3. Create a service account or use an existing service account. This account must be given correct permissions. A private key must be generated and copied to the JOIN server.
4. Appropriate Calendar Access must be given to the Service Account via the G Suite Domain
Google Cloud Platform
A Google Cloud Console Project is required in order for JOIN to be able to read calendar resource accounts, user accounts and also have access to APIs that enable the JOIN integration.
Create a Google Cloud Platform Project or use an existing Project. The Project will be used for the API integration as well as for the Service Account.
Logging into the Google Cloud Platform console:
- Browse to the following URL: https://console.cloud.google.com/iam-admin/serviceaccounts
- Log in with your admin user account to manage your Google cloud console.
Creating a Project
(Skip this section if you already have a project you want to add this account to)
N.B on some occasions, Google fails to create the project and as such, sometimes you may need to create the project twice
To create new Google Cloud Console project,
- Select IAM & Admin
- Click the 'Create' button.
Choosing an Existing Project
Follow these steps if you already have existing projects you would like to use for this project,
- Click on the Project Drop down arrow at the top left corner and you will be presented with the 'Select a Project Window'.
- Select your desired project and click 'Open'
Enabling API's and Services
You will have to enable API's to work with the project you have created. The API's you will have to enable are Google Calendar API, GMail API & Admin SDK.
- Google Calendar API - To allow reading and updating resource calendars
- GMail API - To allow sending email
- Admin SDK - To allow listing out current available resources from the configuration tool
You need to enable one API at a time
Go to the Menu, Select APIs & Services > Dashboard
Select 'Enable APIs and Services'
You should now be presented with the API Library.
You will have to search for the APIs from this screen.
First, Search for 'Google Calendar API'
Select the 'Google Calendar API.
Once you have found this API, you will then have to perform a new search for GMail API
Select Enable for the GMail API
Once you have found this API, you will then have to perform a new search for Admin SDK API
Select Enable for the Admin SDK API
Create Service Account
Select IAM & Admin and Choose 'Service Accounts
Enter a Service Account Name and select Create
Select the role for this service account. Resource Manager > Organization Administrator.
This will allow the service account to manage the meeting room resources.
Once you have selected the role, Click the 'Create Key' Button.
Create a Private Key for JOIN
On the next screen, choose the JSON radio button and click 'Create'
A file will be downloaded to your disk, this is your authentication information to be used by the JOIN application.
- Copy this file to the same directory as the JOIN application. (i.e. c:\SynergySKY\SynergySKYEnterpriseScheduling).
- Keep a secure copy of this file, since a new service account is required to be created if its lost.
Once you are have moved the file to the same directory as the JOIN application and you click 'Done' you will be presented with a screen similar to the below with your newly created service account visible in the list.
Enable Service accounts to access Calendar Resources
In order to enable Service accounts, first we need to find the Service account ID for the service account on https://console.cloud.google.com
Select IAM & Admin and Choose 'Service Accounts
Copy the service account ID
An Administrator of the G Suite domain must complete the next steps
Google Admin Console
Browse to the Google Admin Console https://admin.google.com
Select Security from the list of controls.
If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls.
N.B If you can't see the controls, make sure you're signed in as an administrator for the domain.
Select Advanced settings from the list of options
Select 'Manage API client access' in the Authentication section
- In the Client Name field enter the service account's Client ID or Service account ID (which we copied in the previous step).
In the One or More API Scopes field enter this list of scopes:
- To populate Available Rooms in the JOIN config tool
- To allow JOIN to access room calendars enabled in JOIN
- To allow JOIN to send notifications to its administrators as well as dial-in instructions for certain workflows (e.g. one-time VMRs).
- For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also has to have a write calendar access for those rooms.
- For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also has to have a write calendar access for those rooms. If read-only is sufficient, it should be at least this one set there: https://www.googleapis.com/auth/calendar.events.readonly
Note: All of the scopes are required for the integration of Synergy JOIN with Google G Suite. It is not possible to exclude some of the scopes as this will cause parts of the integration not to work
You can copy and paste the below api scopes as they are into the 'One or More API Scops' field box
https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly, https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/gmail.send,https://www.googleapis.com/auth/calendar.events
The outcome should look like the below example:
Browse to the dashboard and select 'Users'
In the users section, select the user that you would like to use as the 'service-act-on-behalf-of Email' in Synergy JOIN.
Scroll down to the 'Admin roles and privileges' section and verify that the user you would like to use has the role of 'Super Admin' enabled.
Once you have verified this, copy the email address from this user and paste this into the 'service-act-on-behalf-of email' text button in the 'General Settings' tab in the Synergy JOIN configuration tool.
More information on the general settings tab can be found here