An introduction to how RICOH Spaces works with Microsoft and O365 in areas such as calendar syncing and single sign-on.
RICOH Spaces is directly connected to your organisation, allowing for deep integration and a richer user experience.
We work closely with Microsoft to ensure we're helping to enhance the user experience and integrate with the very latest Teams & O365 innovations that are available now and in the future.
This includes areas such as:
- We allow you to connect your room calendars directly to RICOH Spaces allowing full sync with your Outlook calendars
- We use Microsoft sign in so your users do not need a username & password for RICOH Spaces making things easier and more secure
- We create Teams Meetings when booking through our apps & panels to ensure your Teams room devices are always showing the correct details and are able to join meetings
- We're working on bringing service requests and approvals directly into Teams messages using the adaptive card framework
- We're always working with the unreleased APIs to enable RICOH Spaces to be one step ahead of new functionality
1) Signing In
We enable users to sign in to RICOH Spaces with their Microsoft account. When they access the sign-in page (https://ricohspaces.app) they are presented with the sign-in options. From there they can select ‘Sign in with Microsoft’ and enter their work email account details and password.
This uses the latest Microsoft libraries to authenticate the user on Microsoft's sign-in page, ensuring the user is an active user within your Active Directory. No further integration work is required here.
Note: Your organisation may disable third-party application sign-ins by default. If so, users will see a denial or an approval request for RICOH Spaces when signing in. An administrator can approve the request, or approve RICOH Spaces ahead of time.
The below image shows the Microsoft authentication token flow.
Once the user is authenticated by Microsoft, RICOH Spaces validates the domain of the user (e.g. @ricohspaces.app) and directs them to your customer tenant with a JSON Web Token that is locked to your customer and sent with every request to the system.
Locally, the Microsoft library checks the employee token on every page load to ensure the user is still active. This keeps the system secure, as it uses short refresh tokens.
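One way to implement the domain check and customer-locked JSON Web Token described above, as an added example that is not RICOH Spaces code. The signing key, tenant ids, domain map and function names are assumptions, and HS256 with a shared key stands in for whatever signing scheme the service actually uses.

```python
import base64, hashlib, hmac, json

# Constructed sample data (assumptions): demo key and domain-to-tenant map.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
TENANT_BY_DOMAIN = {"ricohspaces.app": "tenant-a", "example.org": "tenant-b"}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())


def tenant_for(email: str):
    """Map an already-authenticated address to a tenant by exact domain match."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local:
        return None
    # Exact lookup: suffix lookalikes such as notricohspaces.app do not match.
    return TENANT_BY_DOMAIN.get(domain.lower())


def issue_token(email: str, now: float, ttl: int = 900) -> str:
    """Issue a short-lived HS256 JWT carrying the tenant claim."""
    tenant = tenant_for(email)
    if tenant is None:
        raise PermissionError("domain is not registered to any tenant")
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": email, "tenant": tenant, "exp": int(now) + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"


def authorize(token: str, requested_tenant: str, now: float) -> bool:
    """Per-request check: signature first, then algorithm, expiry and tenant lock."""
    try:
        header, claims, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(f"{header}.{claims}")):
            return False
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return False
        body = json.loads(_unb64(claims))
        return body["exp"] > now and hmac.compare_digest(body["tenant"], requested_tenant)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
```

The tenant claim is only trusted after the signature check passes, so a token issued for one customer cannot be replayed against another customer's data or edited to point at it.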
2) Enterprise Application Registrations
We use Enterprise applications to give full flexibility on how you manage RICOH Spaces on your tenant. We currently have two applications: one for the web app and one for the native mobile application.
- Web Apps: 5ec2cf9c-9db8-4189-a2d8-d241a089c709
- Mobile Apps: 78604ca8-c6c4-40e5-8668-1e16b98353be
You will be able to find these within the Azure portal and add them ahead of time to enable a smooth user experience.
Here you can manage every aspect of the application, including viewing its permissions and the sign-ins that have happened on the account.
3) Microsoft Graph
All interactions against your account are performed securely against the Microsoft Graph. More information about it is available on the Microsoft site.
4) Next Steps
More detailed explanations of each area of the process are available in the rest of the articles in this series.