Google Cloud Platform Configuration

Introduction

In order to install Synergy Sky JOIN with Google Calendar integration, the G Suite environment must be prepared. This is done through the following 4 steps

1. Create a Google Cloud Platform Project or use an existing project

2. Enable three distinct APIs and Services

3. Create a service account or use an existing service account. This account must be given correct permissions. A private key must be generated and copied to the JOIN server.

4. Appropriate Calendar Access must be given to the Service Account via the G Suite Domain

Google Cloud Platform

A Google Cloud Console Project is required in order for JOIN to be able to read calendar resource accounts, user accounts and also have access to APIs that enable the JOIN integration.

Create a Google Cloud Platform Project or use an existing Project. The Project will be used for the API integration as well as for the Service Account.

Logging into the Google Cloud Platform console:

  • Browse to the following URL: https://console.cloud.google.com/iam-admin/serviceaccounts
  • Log in with your admin user account to manage your Google cloud console.

Creating a Project

(Skip this section if you already have a project you want to add this account to)

N.B on some occasions, Google fails to create the project and as such, sometimes you may need to create the project twice

 

To create new Google Cloud Console project,

  • Select IAM & Admin
  • Click the 'Create' button.
    • Fill in your project name, i.e. 'SynergyJOIN'.
    • Select Create

    Choosing an Existing Project

    Follow these steps if you already have existing projects you would like to use for this project,

    • Click on the Project Drop down arrow at the top left corner and you will be presented with the 'Select a Project Window'.
    • Select your desired project and click 'Open'

    Enabling API's and Services

    You will have to enable API's to work with the project you have created. The API's you will have to enable are Google Calendar API, GMail API & Admin SDK.

    • Google Calendar API - To allow reading and updating resource calendars
    • GMail API - To allow sending email
    • Admin SDK - To allow listing out current available resources from the configuration tool

    You need to enable one API at a time

     

    Go to the Menu, Select APIs & Services > Dashboard

     

    Select 'Enable APIs and Services'

     

    You should now be presented with the API Library.

     

    You will have to search for the APIs from this screen.

    First, Search for 'Google Calendar API'

    Select the 'Google Calendar API.

     

    Click Enable

     

    Once you have found this API, you will then have to perform a new search for GMail API

    Select Enable for the GMail API

     

    Once you have found this API, you will then have to perform a new search for Admin SDK API

    Select Enable for the Admin SDK API

    Service Account

    Create Service Account

    Select IAM & Admin and Choose 'Service Accounts

     

    Enter a Service Account Name and select Create

     

  • Select the role for this service account. Resource Manager > Organization Administrator.

    This will allow the service account to manage the meeting room resources.

    Once you have selected the role, Click the 'Create Key' Button.

    Create a Private Key for JOIN

    On the next screen, choose the JSON radio button and click 'Create'

     

    A file will be downloaded to your disk, this is your authentication information to be used by the JOIN application.

    • Copy this file to the same directory as the JOIN application. (i.e. c:\SynergySKY\SynergySKYEnterpriseScheduling).
    • Keep a secure copy of this file, since a new service account is required to be created if its lost.

    Once you are have moved the file to the same directory as the JOIN application and you click 'Done' you will be presented with a screen similar to the below with your newly created service account visible in the list.

     

    Enable Service accounts to access Calendar Resources

    In order to enable Service accounts, first we need to find the Service account ID for the service account on https://console.cloud.google.com

    Select IAM & Admin and Choose 'Service Accounts

     

    Copy the service account ID

     

    An Administrator of the G Suite domain must complete the next steps

    Google Admin Console

    Browse to the Google Admin Console https://admin.google.com

    Select Security from the list of controls.

    If you don't see Security listed, select More controls from the gray bar at the bottom of the page, then select Security from the list of controls.

    N.B If you can't see the controls, make sure you're signed in as an administrator for the domain.

     

    Select Advanced settings from the list of options

     

    Select 'Manage API client access' in the Authentication section

     

    1. In the Client Name field enter the service account's Client ID or Service account ID (which we copied in the previous step).

    In the One or More API Scopes field enter this list of scopes:

    https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
    - To populate Available Rooms in the JOIN config tool

    https://www.googleapis.com/auth/calendar.readonly
    - To allow JOIN to access room calendars enabled in JOIN

    https://www.googleapis.com/auth/gmail.send
    - To allow JOIN to send notifications to its administrators as well as dial-in instructions for certain workflows (e.g. one-time VMRs).

    https://www.googleapis.com/auth/calendar
    - For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also has to have a write calendar access for those rooms.

    https://www.googleapis.com/auth/calendar.events
    - For workflows requiring calendar invitation updates, such as the green button for Polycom endpoints (if the EWS emulator is not used) or meeting invitation body updates, JOIN also has to have a write calendar access for those rooms. If read-only is sufficient, it should be at least this one set there: https://www.googleapis.com/auth/calendar.events.readonly

    Note: All of the scopes are required for the integration of Synergy JOIN with Google G Suite. It is not possible to exclude some of the scopes as this will cause parts of the integration not to work

    You can copy and paste the below api scopes as they are into the 'One or More API Scops' field box

    https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly, https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/calendar.readonly, https://www.googleapis.com/auth/gmail.send,https://www.googleapis.com/auth/calendar.events

    Click Authorize.

    The outcome should look like the below example:

     

    Service-act-on-behalf-of Email

     

    Browse to the dashboard and select 'Users'

     

    In the users section, select the user that you would like to use as the 'service-act-on-behalf-of Email' in Synergy JOIN.

     

    Scroll down to the 'Admin roles and privileges' section and verify that the user you would like to use has the role of 'Super Admin' enabled.

    Once you have verified this, copy the email address from this user and paste this into the 'service-act-on-behalf-of email' text button in the 'General Settings' tab in the Synergy JOIN configuration tool.

     

    More information on the general settings tab can be found here