Follow

Setting Permissions on Google Apps For Business

This is a guide on how to prepare your Google Apps for Business to run with Pronestor Display.

Pre-Requisites

You need to have the following in place before launching this guide.

  • Administrative account for your Google
  • Purchase Google Apps For Business
  • One more room created as resources on your Google 
  • All users must have Google+ enabled for their account *) (see section "Enabling Google+ for users" below)

Installation

We will guide you through the process of enabling Pronestor Display to acquire information from your Google Apps.

Requirements:

  • Google Apps For Business 
  • Administrator privileges on Google Apps (only for configuration) 
  • Rooms created as “room resources”

Tips on how to create rooms on your Google Apps: http://support.google.com/a/bin/answer.py?hl=en&answer=1033925

Enable API and service account

Create a service account that is to be used with Pronestor Display. Please note that the “Client ID” and “E-mail Address” that will be generated is important.

  • In "Use Google API's" clock "Enable and manage APIs" (https://console.developers.google.com/apis)
  • Go to "Google Apps APIs" and choose "Calendar API"
  • Click "Enable API” 
  • Go to "Admin SDK" (New requirement)
  • Click "Enable API” (New requirement)

 

  • Click “Credentials” in the left menu
  • In "Credentials" choose "New Credentials"
  • Choose "Service Account key"
  • In "Service Account" - choose "New Service Account"
  • Give it a name "pronestordisplay"
  • Choose "Key type" "P12" and click create
  • Store the private key (abc.p12)
  • Click "Manage Service Accounts"
  • Click the 3-dots to the right of the service account
  • Click Edit
  • Enable "Enable Google Apps Domain-wide Delegation"
  • Then click View Client ID
  • Take note of the email address for the service account

Authorize access to Google API (new api)

We will now give the service account created in the prior section permissions to access the Google API – which is the interface used by Pronestor Display to access your calendar information for the room resources.

  • Go to https://admin.google.com
  • Choose “Security” 
  • Click "Show more" and the choose "Advanced Settings"
  • Choose “Manage API client access” 

  • In the “Client name” insert the CLIENT ID (see OAuth Data in earlier steps)
  • In the “One or More API Scopes” insert
  • https://www.googleapis.com/auth/calendar,https://apps-apis.google.com/a/feeds/calendar/resource/
  • (NEW) https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly

    IMPORTANT - copy text to notepad to avoid hidden characters.


Create a Pronestor Service Account with permission on room resources

We recommend that a dedicated user account is created. This service account will be used to access the room resources and have permissions to perform changes for the room resources.

  • Go to https://admin.google.com
  • Choose Users




  • Click “Create new user”
  • Click “Add a user manually”
  • Give the account a name

Remember this email – it will be referred to as service account




  • Log in to your Google Calendar
  • Locate the room
  • Right click and choose “Share this calendar”

  • Add the service account email in the “Person”
  • Set the Permission Settings to “Make changes to events”
  • Click Save



  • Log into your Pronestor Display solution

  • Go to “Settings” and “Google Apps”

  • Click “Change private key” and locate the private key (p12) 

  • Enter your service account email into the “Principal email address. - ex. "service@pronestordisplay.com"

  • Enter the email address from OAuth Data into the “Service account email address” - Ex "pronestordisplay1702@brave-alliance-122416.iam.gserviceaccount.com"

  • Click “save and test connection”

  • Continue in Pronestor Display to import rooms


Video:

http://help.pronestor.com/manuals/pnd/google/google.html

 

Adding support for new the Google API

Enable access to the "Admin SDK" API

  • Go to the "API Manager": https://console.developers.google.com/apis
  • and see if the "Admin SDK" is in the list of enabled APIs, otherwise
  • add it by clicking the "Enable API" button located at the top of the page.
  • Then select "Admin SDK" and on the "Admin SDK" page click "Enable"

 

Adjust API scopes

 

Enabling Google+ for users

An issue is currently pending with Google's Web API - it is a known issue escalated by the community. The issue does for some users mean that the booker's name doesn't show on the room displays.

If this is the case - please follow the proposed workaround described here.

If it is NOT the case - then there is NO need to enable Google+.

In order to show the owner of a booking in Pronestor Display, it is required that each user has Google+ enabled.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Support

    **"The request was denied by the server: invalid_request"

    **Make sure that the checkbox is enabled for "Share this calendar with others" and "Share this calendar with everyone in the organization....."

    Capture.PNG

    Or - make sure "https://apps-apis.google.com/a/feed/calendar/resource/,https://www.googleapis.com/auth/calendar" is set for the xxx.apps.googleusercontent.com within the Authorized API clients

  • Avatar
    Support

    Creating a room resource

    In Google Calendar

    • Expand "Other Calendars" - choose "Browse interesting calendars"
    • Choose "more" - choose "Resources for pronestordisplay.com"
    • Subscribe to rooms
    •  

    In Google Calendar

    • Expand room in "Other calendars"  - choose "Share this calendar"
    • Choose "Share this calendar"
    • Set the email for the user "xyz@developer.gserviceaccount.com" and choose "make changes to events"

     

  • Avatar
    Support

    "Connecting to Google Apps Web Services failed. The server returned the following HTTP status code: Forbidden (403). . And the following message: The remote server returned an error: (403) Forbidden."

  • Avatar
    Support

    "Google Apps Web Services returned the following error message: The request was denied by the server: access_denied"

    Calendar (Read-Write) https://www.googleapis.com/auth/calendar

  • Avatar
    Support

    "An unexpected error occurred while attempting to contact Google Apps Web Services: Error:"unauthorized_client", Description:"Client is unauthorized to retrieve access tokens using this method.", Uri:""
    * Please delete current site and create a new site

  • Avatar
    René Nielsen

    "An unexpected error occurred while attempting to contact Google Apps Web Services: Error:"unauthorized_client", Description:"Client is unauthorized to retrieve access tokens using this method.", Uri:""

    SOLUTION : give the service account that is created "Service Account Actor" role.

Powered by Zendesk