Overview
Sense integrates with Microsoft O365 Calendar and Microsoft Teams to support interview scheduling and video conferencing. Using secure authentication through Microsoft Graph API and OAuth 2.0, Sense can connect to user calendars, check availability, schedule interviews, and generate Microsoft Teams meeting links.
This article explains how the integrations work, the authentication options available, the permissions required, and the steps administrators must complete in Microsoft 365 and Azure to enable and control access. It also outlines how IT teams can limit which users’ calendars are synced and how access is managed within the customer’s Microsoft environment.
1. O365 Scheduling and Calendar Integration
Functional Summary
- The O365 Calendar integration helps recruiters and interviewers by securely connecting to Microsoft through the Microsoft Graph API.
- Users are added through directory sync or are manually created in Sense to connect their calendars.
- Scheduling templates support multiple meeting types, including 1:1, panel, multi-event, and team interviews.
2. Authentication Options
Authentication is how Sense securely connects to Microsoft.
There are two supported authentication methods. The table below explains each option.
Type |
Description |
Recommended |
App-Based (Service Account) |
Uses application-level permissions through Microsoft Graph. Requires one-time admin consent and does not require users to sign in individually. |
Yes |
Delegated (OAuth) |
Requires each user to sign in individually to grant access. Does not scale well for large teams. |
No
|
3. Microsoft Tenant ID
Understand what the Tenant ID is
The Microsoft Tenant ID is a unique identifier that identifies your organization within Microsoft Entra ID (formerly Azure Active Directory).
It is used by third-party applications, such as Sense, to connect to the correct organization account in Microsoft’s cloud.
The Tenant ID helps route secure authentication and API requests and is not used for login or authentication.
Understand why it is safe to share Tenant ID
The Microsoft Tenant ID is not a secret and is safe to share for calendar integrations.
This is because:
- It does not expose sensitive information
- It cannot be used to access data
- It cannot be used to log in or impersonate users
- It is commonly visible in Microsoft tools and admin portals
- Access is still controlled by Microsoft OAuth 2.0 and approved permissions
4.Sense Scheduling and Calendar Integration Workflow
Permissions Required for O365 Calendar Integration
Permissions define exactly what Sense is allowed to do in Microsoft O365. Sense cannot perform any action that is not explicitly approved.
Application Permissions (Graph API)
These permissions allow Sense to operate without requiring each user to sign in.
Display Text |
Graph Permission |
Type |
Why Needed |
How Sense Uses It |
Have full access to user calendars |
Calendars.ReadWrite |
Application |
Allows Sense to create, read, update, and delete calendar events for any user. |
Check availability, time blocks, event booking |
Read all users’ full profiles |
User.Read.All |
Application |
Allows Sense to read user profile information. |
Connect user’s calendar |
Delegated Permissions (Graph API)
These permissions apply when individual users authenticate.
Display Text |
Graph Permission |
Type |
Why Needed |
How Sense Uses It |
Read and write calendars in all mailboxes |
Calendars.ReadWrite |
Delegated |
Allows calendar changes for the signed-in user. |
Check availability, time blocks, event booking |
Read and write user and shared calendars |
Calendars.ReadWrite.Shared |
Delegated |
Allows access to shared calendars. |
Event booking on shared calendars |
Maintain access to data |
offline_access |
Delegated |
Allows access when the user is not signed in. |
Connect user’s calendar |
Sign in and read user profile |
User.Read |
Delegated |
Allows authentication and profile access. |
Connect user’s calendar |
N/A |
openid |
Delegated |
Enables OpenID Connect authentication. |
Connect user’s calendar |
Screenshot of Azure Permission Screen
5. Customer IT Access Control
IT administrators retain full control over how calendar access is granted.
- Azure Security Groups can be used to restrict which users or applications can access calendar data
- All access configuration is managed on the customer’s Azure side
- Permissions and restrictions are enforced by Microsoft - Reference link
Microsoft documentation is referenced for restricting applications to specific users.
6. Granting Microsoft 365 Permissions for Sense Scheduling
This section walks through how an administrator enables calendar permissions.
Open Enterprise Applications
- Go to Enterprise applications.
- Use the search box to search for Sense.
- Click Sense Scheduling from the search results.
The Sense Scheduling overview page is displayed.
Grant admin consent
- From the Sense Scheduling overview page, go to the Permissions tab.
- The Permissions tab is located under the Security section in the left-side menu.
- Click the blue bar labeled Grant admin consent.
After completing this step, calendar access is enabled and can be linked.
Delegated Permissions to Enable
API Name |
Permission Description |
How Sense Uses It |
Calendars.ReadWrite |
Create, read, update, and delete calendar events. |
Check availability, time blocks, event booking |
Calendars.ReadWrite.Shared |
Access shared calendars. |
Event booking on shared calendars |
offline_access |
Maintain access when the user is not signed in. |
Connect user’s calendar |
User.Read |
Sign in and read user profile. |
Connect user’s calendar |
openid |
Enable OpenID Connect authentication. |
Connect user’s calendar |
7. Limiting Who Can Sync Calendars via Sense
Calendar syncing is limited to users that exist in Sense.
- Directory Sync or automated user creation controls which users are added
- Additional limits can be applied by requiring user assignment
Microsoft reference:
https://learn.microsoft.com/en-us/entra/identity-platform/howto-restrict-your-app-to-a-set-of-users#update-the-app-to-require-user-assignment
8. Microsoft Teams Integration
The Microsoft Teams integration allows Sense to generate Microsoft Teams online meeting links and include them in interview calendar events.
This integration uses Microsoft Graph API permissions to create and manage Teams meetings on behalf of approved users.
Complete Teams setup requirements
- Grant Azure privileges using the Sense UI.
- Configure an application access policy using Azure Cloud Shell or PowerShell.
These steps enable Sense to create Microsoft Teams meetings.
Sample Policy Creation
New-CsApplicationAccessPolicy -Identity sense-teams-policy -AppIds "7fb00682-951d-49c6-bf92-6d01cc05c5dd" -Description "Sense MS Teams Access"
Grant-CsApplicationAccessPolicy -PolicyName sense-teams-policy -GlobalApplication Access Grant Options
Grant Access Option |
Command |
All employees |
Grant-CsApplicationAccessPolicy -PolicyName sense-teams-policy -Global |
Specific employees / interviewers |
Grant-CsApplicationAccessPolicy -PolicyName sense-teams-policy -Identity "ID"Replace ID with the user (object) ID from the Azure user management portal |
Group of employees / interviewers |
Grant-CsApplicationAccessPolicy -PolicyName sense-teams-policy -Group "ID"Replace ID with the group (object) ID from the Azure user management portal |
MS Teams Integration workflow
Permissions Required for Microsoft Teams Integration (Graph API)
Display Text |
Graph Permission |
Type |
Why Needed |
How Sense Uses It |
Read all users’ full profiles |
User.Read.All |
Application |
Lets the app read user profiles in the directory, which is necessary to identify the user and retrieve their user ID or UPN to create a meeting link. |
To retrieve user ID |
Read and create online meetings |
OnlineMeetings.ReadWrite.All |
Application |
Allows the app to create and manage Microsoft Teams meetings (online meetings) on behalf of any user — this is what enables generation of Teams meeting links that are embedded in calendar events. |
Generate MS Teams link |
Recommendations
- Use the same Azure Security Groups for calendar and Teams access.
References
-
Sense Support Article: Microsoft Teams Integration
Secure Authentication Using Microsoft Standards: Microsoft Portal - Fine-Grained Control via OAuth Scopes, Not Endpoints: Nylas Scopes
- Admin-Level Permissions and Group-Based Access Control: Azure Portal