Troubleshooting the work calendar integration

For users to access the calendar integration, administrators will need to follow a test flow to test the consent level of the calendar integration. Letting administrators test the integration before enabling it ensures that end-users don’t face any difficulties when syncing their calendars. 

However, administrators may run into issues during this test flow. If a test flow fails, you will not be able to enable the integration. In this case, you need to first address the failure issue; this may require help from your application administrator responsible for your organization’s work calendar.

Please toggle between the different solutions in the tab menu below to find the troubleshooting steps associated with your Cloud Suite (either O365 or Google Workspace).

O365 Google Workspace

Permissions requested

When does a user see this screen?

This screen will appear once a user has chosen to connect their calendar to Office Shifts; they’ll be redirected to the consent flow and login. This is normal since the user has not given consent before, and an administrator has provided no administrator consent in their organization. By clicking the Accept button, the user gives Mapiq the indicated permissions. This screen should appear to a user once.


The user is not sent to the consent screen but is redirected back to the app

When clicking ‘Connect your calendar’, the user is not sent to the consent screen but is instead automatically redirected back to the app. 

When does this happen?

The user has already given consent, or an administrator has already given consent on behalf of all users.


Error message: Sorry, but we’re having trouble signing you in. 

The user receives the error message: “Sorry, but we’re having trouble signing you in. AADSTS50105: The signed-in user [username] is not assigned to a role for the application [application-id].”

When does a user see this screen? 

The user has chosen to connect their calendar to Office Shifts and has been redirected to the consent flow. After logging in,  the user will receive this error: AADSTS50105.

Why does it happen?

This error occurs when an administrator has enabled ‘user assignment’ for the Mapiq connection with Office 365, and a user who has not yet been assigned to the application attempts to connect their calendar. 

How to resolve this?

The user should consult their organization’s Active Directory or Tenant administrator (this is often a different person than the building or subscription administrator). Possible solutions are: 

  • The administrator assigns the user a role (Default Access) in the application
  • The administrator disables user assignment for the app so that all users in the organization can use the app

Admin approval is required

In some cases, the tenant administrator for O365 could have the permissions for Mapiq Office Shifts classified as something different than in the app. For example:

Permissions classified as low impact by Tenant admin

  • offline_access
  • openid
  • profile
  • email

Permissions expected by app

  • offline_access
  • Calendars.Read
  • openid
  • profile

In this scenario, administrator approval is required (because Calendars.Read is not classified as low impact). The approval required dialog will present an option to request access to the app. Even if the application is not requesting this specific permission, this permission always needs to be present in the list of low-impact permissions; otherwise, a user won’t be able to sign in.

After requesting approval, the user can go back to the app. Of course, the consent has not yet been given, so Mapiq cannot access the user’s calendar, and an error message will be shown.


Request for approval is presentedUsers can return to the appCalendar sync has failed
Depending on the level of permission given by the Tenant administrator, either of the first two screens may not be shown. However, the last screen is always shown when the test flow fails.

Solution

An administrator in the administrator’s O365 tenant can review pending requests. For pending requests, they can choose to review the requested permissions and provide consent from the O365 side. Note that this will give consent to all users in the organization, meaning that users will no longer be prompted to review these permissions. In this case, users will still have to go through the consent flow (i.e., connect their calendar), but they will not see the consent screen with the Approve button during that process and will be redirected back to the app immediately.

As the Subscription administrator tests the flow, this consent will be given before enabling the Hybrid Meetings integration, automatically ensuring your end-users will not see this 'approval is needed from an admin' screen.

User consent variations

In the O365 environment, Tenant administrators can decide on variations of the user consent. These options are shown in the screenshot below. Tenant administrators can set the consent level for only a subset of the users instead of all users. If that's the case, users need to be assigned to the app before using it.


Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.