Configuring Microsoft Graph REST API access

The MyTimetable Office 365 integration is able to connect to a user's calendar using the Microsoft Graph REST API. This page describes how to grant MyTimetable access to the Microsoft Graph REST API.

Determine authorization method

There are two ways to authorise MyTimetable to access calendars: application permissions or delegated permissions.

When using application permissions, MyTimetable is granted access to all calendars or a subset of calendars limited by a mail-enabled security group in advance. This means MyTimetable can setup synchronisations without further actions from the user, which is appropriate for scenarios where a synchronisation needs to be setup as soon as a user is provisioned in MyTimetable. This uses the OAuth 2 client credentials flow.

When using delegated permissions, MyTimetable is granted access when the user requests to setup a synchronisation from MyTimetable. Depending on the settings, this will also show the user a consent prompt. This scenario is appropriate when users do not need to have an active synchronisation by default, and limits the security footprint of MyTimetable. This uses the OAuth 2 authorization code flow.

Setup Azure AD application

If MyTimetable is hosted by Semestry, our support department will supply you with an authentication certificate which you will need in step 1. If you are hosting MyTimetable on-premises, first create this certificate using the steps outlined on On-premises: creating a certificate.

When using application permissions, perform the following steps:

When using delegated permissions, perform the following steps:

In order to enable service calls to the Microsoft Graph REST API, the following information is required:

Azure AD tenant ID
Application (client) ID of the registered app

When using managed hosting, please send this information to the Semestry support department. When using on-premises hosting, you will need to enter these details in the MyTimetable EC configuration.