Step 2B: Booking System Preparation: Google Workspace
This article covers preparing Google Workspace for Evoko Home integration.
Process overview
During the process you will configure the following:
- Create a new project and enable APIs
- Configure project authorization
- Global calendar sharing
- Create and configure resource calendars
- Grant user APIs
Create a new project and enable APIs
1. The first step in the process is to create a new project for the integration between Evoko Home and Google Workspace. To do so; navigate to Google Cloud Platform and log in using your Google Domain Admin account.
2. Navigate to the Create Project button.
3. Enter a name for your project and press Create.
4. A notification should appear in the notification area when the project is created.
5. Click on the notification to reach the API manager or go to Menu Icon -> API & Services -> Enabled API's and Services.
6. Click on Enable API's and Services
7. The API Library will appear, search for "Google Calendar API," Select Google Calendar API
8. Click Enable
9. Repeat the previous step adding and enabling "Gmail API"
10. Enable the last needed API "Admin SDK API" for the project.
11. Now we need to create a service account. Click on the Menu Icon, select IAM & Admin, then select Service Accounts.
12. Click Create Service Account. Fill in the Name, ID, and the Description and click Create and Continue
13. Assign the service account the Role "Service Account Token Creator" from the drop down menu.
14. Click on Done. The service account should be ready in the list of service accounts. Press Manage Details to collect the needed information and to create a P12 key.
15. Create a P12 key by clicking on keys, then add key and choose P12.
16. Press Create and save this P12 key as it will be needed during the Evoko Home - Google connection later on.
17. Navigate to Details and take note of the Client ID and the Service Account Email Address as they will also be needed in later steps with Evoko Home.
18. Now we need to grant the Service Account API Access Permissions. To do so, navigate to https://admin.google.com and click on Security, then select Access and Data Control, and then select API Controls.
19. Select Manage Domain Wide Delegation
20. Under the API Clients ID, Add a New Client and use your Service Account Client ID from the previous steps. Then copy and paste the following strings to oAuth Scopes and then press Authorize.
https://www.googleapis.com/auth/admin.directory.user.readonly, https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/gmail.send
21. Under View Details you should see all [3] Scopes Applied.
Create and configure resource calendars
1. To configure the global resource sharing and create a new resource, navigate to https://admin.google.com. Select Apps then Google Workspace and then Calendar.
2. Select External Sharing option.
3. Then set external sharing options for primary calendars to "only free/busy information (hide events details).
4. Press Save.
5. The next step is to Create one or more calendar resource. To do so, navigate to Directory -> Buildings and Resources -> Manage Resources
6. Click Create a New Resource
7. Add the details for your resource and then Add Resource.
8. We should now open a private/incognito window. We will be logging in to the following link with the email that will be used for the Evoko Home Admin Email. Go to https://www.google.com/calendar and in the calendar side menu next to Other Calendars
9. Press the + icon and browse for your newly created Resource.
10. Then click the check box icon.
11. Select the newly created resource calendar from My Calendar List and select the menu icon, then Share with Specific People
12. Now make sure to add the service account which will have the settings of show free/busy
13. We strongly recommend to create a new user specifically for Evoko Home use. You can us Evoko Admin name, as Super Admin could cause some issues in later steps. You will also need to grant this user "make changes to events" or "make changes and manage sharing". In the screenshot below we use "Bob Anderson" as the Evoko Admin user.
14. Permissions should look like this:
15. Note: If you require PIN or RFID authentication to book you will need to add the users that can book with the permission: "Make Changes to Events". In this guide we use syed.hasan@smsevoko.com as user that will be using Pin/RFID on the Liso panel.
16. Repeat the steps above for all resources and users within the Project.
17. Note that it can take up to 24 hours to populate all of this information in G Suite. We recommend waiting at least 24 hours before attempting to configure Evoko Home using these accounts!
Grant user APIs
To connect Evoko Home to your Google tenant in our steps further down the road you will need a so called "Admin Email." This user will be authenticated from Evoko Home during our initial Evoko Home wizard and will act as the Global Admin in the Evoko Home interface. API permissions are only needed for the user that acts as "Admin Email"
1. Go to Directory -> Users and click on the user you want to edit.
2. Scroll down and press Admin Roles and Privileges.
3. Apply the necessary API permission by selecting any of the default Google Roles: Super Admin, Groups Admin, User Management Admin and Help Desk Admin.
- If you want the user to be more restricted you are able to create a custom role which we will guide you through in the next step.
4. Make sure to press save.
5. Creating a custom admin role is done by going into Account -> Admin Roles.
6. Then press Create New Role.
7. Give the new role a name of your liking and click next. Selecting privileges is done by scrolling down to Admin API Privileges and select Read which you will find under Users. That is the only permission needed so go ahead and click continue.
8. Press Create Role.
9. Apply the newly created admin role to your user that will act as Admin Email in Evoko Home.