When implementing calendar integration for Mapiq, administrators need to test the consent level of the integration to ensure a seamless experience for end users. However, issues may arise during the test flow, and if the test fails, the integration can only be enabled once the problem is resolved. In this article, we’ll provide you with troubleshooting steps for common issues encountered during the integration process with O365 and Google Workspace.
O365 Troubleshooting
Permissions Requested
Users will see this screen when connecting their calendar to Mapiq for the first time. By clicking “Accept” the user grants Mapiq the indicated permissions. This is a normal part of the consent process and only appears once.
The user is redirected back to the app
When clicking “Connect your calendar,” the user is not sent to the consent screen but instead automatically redirected back to the app. This occurs when a user has already given consent, or an administrator has provided consent on behalf of all users. There's no need for anything in this case.
Error Message: “Sorry, but we’re having trouble signing you in...”
The user receives the error message “Sorry, but we’re having trouble signing you in. AADSTS50105: The signed-in user [username] is not assigned to a role for the application [application-id].”
This error arises when user assignment is enabled for the Mapiq connection with Office 365 and an unassigned user tries to connect their calendar.
To resolve this, employees must consult with their organization’s Active Directory or Tenant Administrator (usually someone from the IT Department). They can either assign the user a role (Default Access) or disable user assignment for the app so that all users in the organization can use the app.
Admin approval is required
If the permissions required by Mapiq are different from those classified by the tenant administrator.
For example:
Permissions classified by Tenant Admin | Permissions expected by Mapiq |
offline_access | offline_access |
openid | Calendars.Read |
profile | |
profile |
Even in the case of mismatching permissions, users can request access to the app, but they won’t be able to sign in until the necessary permissions are granted.
To resolve this, an O365 administrator can review pending requests and provide consent from their end.
🚨 Please note that this will give consent to all users in the organization, meaning that users will no longer be prompted to review these permissions. Users will still have to go through the consent flow (i.e., connect their calendar), but they will not see the consent screen with the “Approve” button during that process and will be redirected back to the app immediately.
User Consent Variations
Within the Office 365 ecosystem, tenant administrators can regulate different levels of user consent:
Instead of applying a blanket consent level for all users, tenant administrators can customize these settings for specific subsets of users. If so, users must be assigned to the app before using it.
Google Workspace Troubleshooting
Verify If Users Can Access The Application
Google Workspace for Mapiq is a third-party Google app that retrieves users’ authorization to access their Google Workspace Calendar.
Organizations using Google Workspace can choose how their users provide this authorization to third-party applications and restrict access to Google Workspace services, including the Google Calendar service.
In a basic setup, users can log in to all applications onboarded in Google’s app verification program. Those applications can access most Google Workplace services, excluding high-risk scopes (such as Gmail or Drive).
In practice, many organizations restrict how users can give applications access to their data. Please look at this Google Support document to learn more about the options available to Google Workspace administrators: Control external access to Google Workspace data - Google Workspace Admin Help.
In most cases, a Google Workspace administrator must trust an app before users can connect their Google Workspace Calendar to Mapiq. If a user attempts to secure their calendar when admin approval is still required, the following error will be shown:
Administrators can manage access to apps in the Google Admin console. Please look at this Google support page to learn how that can be done: Control which third-party & internal apps access Google Workspace data - Google Workspace Admin Help.
In the case of Mapiq, administrators should make sure that the following app is allowed access to the services:
Google Workspace Admin (for room linking in Mapiq’s admin portal)
Calendar (for access to user calendars)
Name | Google for Mapiq |
Id | 435490507851-5cevj257gg17fpaesetd0f71msk44kui.apps.googleusercontent.com |
Verify Context-Aware Access
Some organizations may have restrictions that affect users’ ability to access Google Workspace data.
Check with your IT department or Google Workspace administrator to ensure employees can sign in and access their Google data with the Mapiq mobile application and web browser version (https://app.mapiq.com and https://admin.mapiq.com). This will help prevent users from being locked out due to organizational IT policies.