Beamery will be using Cronofy to manage its Meeting Scheduler features. This article contains an overview of how that integration is setup and managed. 

API Architecture

Beamery uses Cronofy as a service to enable users to manage their connections to end-user calendars. This integration supports the synchronization of user calendars from various calendar providers, including Gmail, Outlook, and Exchange.

End User Authentication

To allow Beamery to access a user’s calendar via Cronofy, the user must first authorize the connection through an OAuth2 flow managed by Cronofy. The user will authenticate with their chosen calendar service (e.g., Google, Microsoft). At no point does Beamery handle the user’s credentials directly—only the OAuth2 tokens provided by Cronofy are passed to Beamery for further use in managing calendar interactions.

Permissions and Data Privacy

Data privacy and security are fundamental in Beamery’s integration with Cronofy. We adhere to the principle of least privilege, ensuring that only the necessary permissions are granted to perform specific actions. Understanding the way permissions are managed and how user data is handled is crucial when interacting with the Cronofy API.

Event Types: Partner Events vs External Events

Cronofy distinguishes between two types of events to offer more granular control over permissions:

• Partner Events: These are events created or managed by Beamery on behalf of the user. For example, when a user schedules a meeting through Beamery, this event will be created in the user’s connected calendar and is categorised as a Partner Event.
• External Events: These events are created directly by the user within their own calendar. This could include personal meetings, reminders, or any event manually added to the calendar by the user.

By treating Partner and External Events separately, Cronofy allows Beamery to request only the permissions needed to facilitate the user’s experience. This ensures that Beamery accesses only the calendar data required to operate, without unnecessarily exposing or modifying private events.

For more detailed information on permissions, you can refer to the Cronofy documentation on permissions.

Which Graph Scopes does Cronofy Use?

When integrating with Microsoft services (Exchange, Office 365), Cronofy relies on Microsoft’s Graph API to access users’ data, including calendar events.

The following scopes are requested by Cronofy when users connect their calendars:

• User.Read: Grants access to basic profile information, such as the user’s name and email address. This is necessary for Cronofy to act on behalf of the user.
• Calendars.ReadWrite: Grants Cronofy the ability to create, read, update, and delete events within the user’s calendar.

These permissions allow Beamery to provide full calendar synchronization and meeting scheduling features while ensuring that access is limited to only the relevant data.

'Need admin approval' During Calendar Authorization

When Office 365 users attempt to connect their calendar through Beamery, they may encounter a “Need admin approval” message. This occurs when the user's IT administrator has enabled the “User Consent Setting” in Microsoft 365, blocking non-Microsoft applications from accessing users’ data.

Why This Happens

Cronofy requires an app to be installed on the Office 365 tenant to function correctly. This app facilitates the integration between Cronofy and Microsoft 365 services, but when “User Consent” is restricted, end-users will see a prompt to get admin approval for the Cronofy app.

What To Do Next

If this happens, please raise a Beamery support ticket. We will provide the necessary link for your admin to approve the Cronofy application. Until the application is installed by the administrator, the Meeting Scheduler feature will not work for Office 365 users.

Once the application has been installed, admins can further restrict access to specific features as needed, ensuring that only the necessary permissions are granted.