Setting Permissions on Google Apps For Business / G Suite
This is a guide on how to prepare your Google Apps for Business to run with Pronestor Display.
Pre-Requisites
You need to have the following in place before launching this guide.
Administrative account for your Google
Purchase Google Apps For Business
One more room created as resources on your Google
All users must have Google+ enabled for their account *) (see section "Enabling Google+ for users" below)
Installation
We will guide you through the process of enabling Pronestor Display to acquire information from your Google Apps.
Requirements:
Google Apps For Business
Administrator privileges on Google Apps (only for configuration)
Rooms created as “room resources”
Tips on how to create rooms on your Google Apps: http://support.google.com/a/bin/answer.py?hl=en&answer=1033925
Create a project in Google Cloud
Click “New Project” and name the project
Name your Project
Select your new project
Enable API’s
In "APIs” select “Go to APIs overview”
click "Enable APIs and services"
Search for "Admin SDK" - click the card
choose and click ENABLE
Search for the google calendar api
enable that as well
Add Credentials
Click burger menu, choose APIs & Services, and then Credentials
Click “Create Credentials” and then Service Account Key
11.
In Service Account, choose “New Service Account”
Give the service account a name
In role, choose “Service Accounts -> Service Account User”
And set key type to “P12”
And finally click “Create”
Generate P12 key
Click “Close”
Choose “Managed service accounts”
Click the 3-dots and choose "Manage Keys" in the dropdown
-
Take note of what "OAuth 2 Client ID" and "Email"
Authorize Access To Google API
Go to https://admin.google.com
Choose “Security”
Choose "Access and data control"
Choose “API controls”
In the “Client name” insert the OAuth 2 Client ID (see OAuth Data in earlier steps)
In the “One or More API Scopes” insert the following: https://www.googleapis.com/auth/calendar,https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly
(important – copy the link text to NotePad and then copy again to the field in web)
Click (Authorize)
This is how it should look when set up.
Create a Pronestor Service Account with permission
We recommend that a dedicated user account is created. This service account will be used to access the room resources and have permissions to perform changes for the room resources.
Go to https://admin.google.com
Choose Users (there are multiple ways of creating users, as shown in the picture below)
Click on "Add new user"
Give the account a name
Either choose your own password or choose that it should generate one itself, where you can note that afterwards.
Set Permission on Rooms
Log in to your Google Calendar - https://calendar.google.com/
Search for your room and click on it, it will now be visible and enabled.
Under "my calendars" click on the 3 dots next to your room
select" settings and sharing"
NOTE – this must be done for EVERY room that you would like Pronestor to interact with via Pronestor Display
Choose “Share with specific people” and then “Add People”
Scroll down to "share with specific people" and click "Add people"
Add the user account and set permission "Make Changes To Events" – and end with “Send”
Link to Pronestor
Log into your Pronestor Display account
Go to “Settings” and “Google Apps”
Click “Upload private key” and locate the private key (p12)
Enter your service account email into the “Principal email address. - eg. Pronestor [email protected]
Enter the email address from OAuth Data into the “Service account email address” - Eg. pronestordisplay1702@brave-alliance-11223344.iam.gserviceaccount.com
Click “save and test connection”
Finally - Go to "settings" then "Rooms" and click "Search for rooms"