Office365
Getting evaluation license
Prerequisites
To run Roombelt you need a Ubuntu 20.04 server. As Roombelt is a web application it needs to be accessible from your network over a secure HTTPS connection. Setting up an HTTPS certificate is beyond the scope of this document and can be done e.g. using Apache or NGINX with Let’s Encrypt.
Roombelt is distributed as a single binary. Provisioning it (e.g. running when the Ubuntu server starts and restarting after an application crash) can be done using standard Linux mechanisms (e.g.
systemd
) and is not covered in this document.
Creating an application in Azure
- 1.Open https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and click "New registration"
- 2.Type any name, choose "Accounts in any organizational directory (Any Azure AD Directory - Multitenant)" and click "Register"
- 3.Open the registered application overview page. Copy “Application (client) ID” and paste it into the roombelt.env config file as
OFFICE365_CLIENT_ID
. - 4.Go to “Certificates and secrets” and create a new client secret. Set any expiration date. Copy the client secret value and paste into the
roombelt.env
config file asOFFICE365_CLIENT_SECRET
. - 5.Go to API permissions, and click “Add a permission”. Select “Microsoft Graph” and then “Application permissions”. Select:
- “Calendars -> Calendars.ReadWrite”
- “User -> User.Read.All”.
- “Place -> Place.Read.All”
- 1.Go to “Authentication” and click “Add a platform”. Choose “Web” and type Redirect URI in the format
https://<ROOMBELT_URL>/office365/oauth_callback
. Then again click “Add a platform”, choose “Web” and add another Redirect URI in the format:https://<ROOMBELT_URL>/office365/oauth_callback_admin
. EditOFFICE365_REDIRECT_URL
andOFFICE365_REDIRECT_URL_ADMIN
in the roombelt.env configuration file accordingly.
Roombelt configuration file
Roombelt configuration can be changed using the roombelt.env configuration file. Set the following fields:
OFFICE365_CLIENT_ID
to the Client ID that you’ve saved earlier.OFFICE365_CLIENT_SECRET
to the Client secret that you’ve saved earlier.OFFICE365_REDIRECT_URL
andOFFICE365_REDIRECT_URL_ADMIN
to the Redirect URIs that you’ve configured in Azure in the previous steps.
There are additional configuration options described in the sample roombelt.env configuration file delivered with Roombelt binary.
Database
By default, Roombelt uses SQLite database which is sufficient for most use cases. If an external database is preferred you can provide a database connection string using the
DATABASE_URL
variable in the roombelt.env configuration file. Supported databases include PostgreSQL and MySQL.Roombelt creates and updates the database schema automatically if the
UPDATE_DATABASE_SCHEMA
variable is set to true in the configuration file. Interrupting the database update process can break the database permanently so it’s highly recommended to:- 1.Start Roombelt for the first time with
UPDATE_DATABASE_SCHEMA=true
. - 2.Wait about a minute to ensure the database schema is created.
- 3.Kill Roombelt, set
UPDATE_DATABASE_SCHEMA=false
, and restart the application.
Security
There are some optional settings that improve the security of the Roombelt deployment:
- 1.Set
ALLOWED_EMAILS
in roombelt.env configuration file to the email address of the service account used to configure meeting room displays in your organization. This will block access to your Roombelt instance for other users from your organization and users from other organizations. - 2.Restrict Roombelt access only to the meeting room mailboxes as documented at https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.
Final notes
Last modified 7mo ago