Skip to main content
Eptura Knowledge Center

Workplace Calendar Service for Exchange V2 FAQs

  1. Last updated
  2. Save as PDF

Explore the Frequently Asked Questions for the Workplace Calendar Service for Exchange V2.

 

Q1. Eptura Workplace (formally iOffice) is an SaaS for workplace management. What is the use-case for an integration with Nylas?  

The primary use case for customers is to sync calendar events between the customer’s email service provider and the Eptura Workplace Reservations module. This allows the customer’s employees to manage their work meetings using multiple touchpoints - in Outlook, in the Workplace Reservations web page or using the Workplace Hummingbird mobile app. For customers who currently integrate their Microsoft Exchange instance with Workplace Reservations, the new calendar service built in partnership with Nylas https://www.nylas.com/ will provide a stable and reliable user experience, a standardized authentication process, and calendar admin tools for connecting accounts and configuring linked spaces.

Q2. What data elements are needed for this integration?

A Microsoft Service Account with admin permissions (or for an admin to authorize access), the room resource SMTP address and the Workplace room ID of the space that will be linked to the room resource calendar.

Q3.What personal data is used, e.g. name, email etc.?

Eptura’s calendar service authenticates through the use of a service account with the room resource calendar’s SMTP address/mailbox, not the individual user’s calendar mailbox. We do, by syncing events between Eptura Workplace and the customer’s email service provider via Nylas. We store the user’s email address as an attribute of the created event to allow us to send booking notifications. Eptura Workplace stores emails for all person records created by the Administrator in our application for the purpose of conducting operational transactions. We do not store PII data beyond those values needed to use the application - name, email, phone number (optional). We do not have permissions to the user’s calendar.

Q4. Will the Eptura Workplace calendar service have access to my user’s personal Outlook mailbox or contents?

We will have read-only access for the purpose of syncing calendar events and sending email notifications. We cannot write to the user’s calendar account.

Q5. Do you support OAuth2.0 for this integration?

Yes via Office365 SSO.

Q6. Will you connect to us using an API? Who will manage API keys?

We connect to Office365. Our application is authorized using a Service Account with impersonation rights to the room resources. See this Nylas article https://developer.nylas.com/docs/developer-guide/provider-guides/microsoft/office-365-service-accounts/#give-account-permissions

Q7. Will my Eptura Workplace application be able to pull or push data to Nylas application?

No. There is not API to the Nylas service. Customers will continue to use the existing Eptura Workplace Reservations API, see REST API.

Q8. What type of data from my Exchange/Outlook instance is being stored by Eptura vs Nylas? How is the data stored?

We both store resource IDs, event IDs, and calendar items. Eptura streams the data through Kafka and stores it in Azure. All transmission of that data is encrypted. Storage in Azure is also encrypted. Details for Nylas can be found here: https://trust.nylas.com/

Q9. How are inbound calls handled? (will Nylas be pulling data from outlook? What data?)

There are no inbound calls. All communications is with Office365. In a hybrid model, we still only connect to Office365 and it, in turn, communicates to the various Exchange instances that have been properly set up in Hybrid mode using OAuth.

Q10. How is metadata like attachments from meeting room bookings being stored? Can meta data be stripped from the bookings details?

Workplace stores metadata about the event itself, such as an eventID and iCalID, but we do not store attachments. All meta data can be stripped using the Exchange Admin Center. For information about how Nylas stores data reference this website - https://trust.nylas.com/

Q11. I contract with a 3rd party to manage my Eptura Workplace application. Will my contracted vendor/consultant implement the calendar integration?

That is up to the customer. For new customers, either the 3rd party provider or the Eptura Professional Services team (fee based) will configure the integration in the admin section of the Workplace UI. For migrating customers moving from the old to the new service, our Support team will assist the 3rd party vendor.

Q12. When migrating to the new calendar service, do I need to wipe the existing calendar service credentials configured in Admin > Reservations > Preferences?

Yes. After the ‘calendar service’ feature flag is enabled the ability to configure credentials for the old service will be hidden on the Admin > Reservations > Preferences screen. For existing customers migrating to the new service, these credentials will need to be removed and those changes saved prior to the enablement of the ‘calendar service’ feature flag. This will be done as a step in the migration process.

Q13. Should I turn off email notifications during the migration process?

Yes, this is recommended best practice for existing customers with an active integration in place. The old service will stop listening to and syncing with your email provider's service account and begin listening to the new service. This will result in a series of canceled events from the old service and newly created events from the new service to replace them. Turning off email notifications will reduce the ‘noise’ experienced by your end users. Email notifications triggered by the migration should reduce significantly after a 3-4 day period.

Q14. Does the new calendar service support multiple MS service accounts?

Yes, multiple Microsoft Exchange service accounts can be supported per customer application code. For example, the demo URL https://outofbox.iofficeconnect.com has a corresponding app code of ‘iofficeconnect_outofbox’. In the old service, this was separated by Reservation centers.

In the new service, it is up to the customer to map the appropriate room resource calendar addresses to the correct roomIDs (space name) via the ‘Manage Calendars’ screen for each integrated service account.

For migrating customers who choose to authenticate more than one service, the tools in the Admin section for the calendar integration designed to facilitate bulk actions must not be used as they may produce conflicting results between service accounts.

Q15. Will the new calendar service support Google Calendar?

Yes, support for the authentication of Google Calendars and Google Service Accounts has been completed. The Product and Engineering teams will be reviewing and scoping the remaining work needed within the service and our application to bring us to a point of conducting a beta for Google Calendar in the late second half of 2024. Note that timing and final scope are pending and subject to change.

Q16. Can an instance of Microsoft Exchange/Office 365 be implemented side-by-side with a Google Calendar instance?

Yes, the new service will support this. We anticipate support for Google Calendar integrations to be introduced in the late first half of 2024.

Q17. Does the new calendar service have an API?

Yes. However, it is not exposed to customers. Workplace calls this API via Kafka or scheduled calls to update events within our application. Customer will use the existing API for any external integration needs.

Q18. Will the new service support future integrations with Microsoft Teams?

Yes. The scope and availability of integrations with MS Teams is subject to future approval and prioritization of additional feature sets by the Product team.

Q19. Where is the Workplace Calendar Service for Exchange V2 hosted?

The service is currently hosted in the US. Our hosting site in France is expected to be added in the first half 2024.

Q20. I’ve added my rooms via the ‘Manage Calendars’ page (manual or bulk upload) and my new calendar address does not show up on the ‘manage calendar’ list. Why is the address not being recognized/authorized?

Check settings for the room resource account to ensure that the account's primary SMTP email address is being used. Also double check that the email address belongs to the service account’s domain and that it has a valid mailbox associated with it.

Q21. Must a Microsoft service account with admin permissions be created? Can an existing admin account be used instead so that a service account does not require admin rights?

Technically, no the service account does not need admin permissions. However, in our experience, admin rights are required in order to grant the appropriate permissions to the Workplace Calendar Service for Exchange V2 on behalf of your organization. This is dependent on your organization's user consent settings. If your organization requires admin consent settings, you can provide that consent with a different admin account, which can consent on behalf of your organization, and then you can authorize the service account. The admin account can then be removed.

Q22. Does the new calendar service support 2-factor authentication?

Yes. As this service uses OAUTH to authenticate, a service account can have multiple-factor authentication enabled and still work. When the account is authorized, they will do any muti-factor authentication (MFA) needed with O365. We will still receive a token and refresh token, and use those to further access the account.

Q23. My organization requires that my MS service account have a secret and token in place that expires periodically. What is the process for refreshing it without causing an interruption to integration or forcing us to re-authenticate? (Not rotating passwords or secrets will need to get an approved security exception, customers want to avoid; this process takes a lot of time to gain approval.)

These security measures are common, and a user can easily authenticate the calendar account by clicking the More Actions icon under “Actions” and then selecting “Re-Authenticate”. This can be done any time these secrets expire, or if the password is changed at all. https://developer.nylas.com/docs/developer-guide/provider-guides/microsoft/office-365-service-accounts/#give-account-permissions

clipboard_e9da4d7403d88de1dfe8df86efc8c874b.png

Q24. Why must my service account have admin rights?

Technically the service account does not need admin consent, but approval of our application does require admin approval. After authentication is completed, admin rights can be removed from the service account if this will not adversely impact our ability to impersonate your room resources. As an alternate, you can refrain from granting admin rights to the service account and instead have a global admin grant authorization during the authentication process. This will require re-launching the authentication workflow after that authorization has been requested and granted. 

Q25. What permissions does your O365 OAUTH app ask for, and why?

We request Microsoft Graph API permissions (see screenshot of specific permissions below) that allow us to access room calendar data and align to best practices as described by Nylas, our syncing partner.  None of our permissions by default require Admin consent, but they are needed until we are able to complete our verification process with Microsoft, which is expected at the end of Q2 2024.  See Q24 above for details on an alternate verification path. 

clipboard_ea8e5296a059a5371fc9209d3c30497b9.png