Enterprise Connect - Guide for System Administrators

A guide for admins of domains on granting access to the calendars of their organization to software providers using Enterprise Connect.

About Cronofy #

Cronofy helps software providers quickly and securely gain access to the calendars of their users. Whether it’s surfacing the availability of sales team for appointment booking, organizing interviews based on the live availability of the interviewing panel or automatically organizing one to one meetings between managers and their team in a room that’s free.

Enterprise Connect Overview #

Enterprise Connect from Cronofy allows an organization to authorize a software provider access calendars on their company domain. Using Enterprise Connect the administrators of that domain retain full centralized control over which organizations can access which calendars and specifically what data in those calendars will be shared.

Enterprise Connect allows organizations to benefit from the efficiency of connected calendars without compromising on security or control.

Enterprise businesses around the world benefit from the secure calendar connectivity provided by Cronofy Enterprise Connect.

Calendar Provider Support #

Enterprise Connect works with:

• Google Workspace (Google Apps for Business)
• Microsoft Office 365 (Graph API and EWS)
• Microsoft Exchange (all versions 2007 SP1 or later)

How Cronofy works #

When you grant a software provider access to your calendars using Cronofy, Cronofy acts as a broker of that data between your calendar service and the software provider, only granting the software provider access to the data you have agreed to share.

Scopes #

When a software provider is requesting access to your calendars using Cronofy, they specify the specific level of access to calendars that they would like using Scopes. Once you’ve agreed to this Cronofy will ensure that the only data the software provider will see and the actions they can perform are those which have been agreed to.

You can see the request scopes listed when you go through the process of connecting your calendar service.

The possible scopes are:

Scopes for Accessing Calendar Accounts

• manage linked accounts on your domain
• manage linked resources on your domain
• manage existing calendar events for accounts on your domain
• manage existing calendar events for resources on your domain

Scopes for data that can be accessed and actions which can be performed against each calendar account

• create new calendars
• create calendar events
• delete events that this app creates
• list your calendars
• read your account details
• read events in your calendars
• read free-busy information from your calendars
• change the participation status for an event

Data Security #

Cronofy takes the security of your calendar data seriously. All communications with your calendar service and with the software providers are performed via HTTPS utilizing 128-bit encryption.

All credentials and calendar data within our systems is encrypted at rest with the AES-256-GCM algorithm using a unique, randomly generated salt for each set of sensitive data. All stored data is encrypted at rest.

Cronofy has strict processes for its internal security and commissions regular 3rd party penetration testing.

Monitoring #

The Cronofy service is continuously monitored for availability and utilization by internal and external tools. Current and historic status reports are available at https://status.cronofy.com.

Security Model #

Enterprise Connect has three types of account:

• Service Account – allows for applications to request access to other account types.
• User – an account linked to a user’s calendars.
• Resource – an account linked to a resource (Room or Equipment) calendar.

Cronofy uses the OAuth 2.0 standard as the means for applications to request access to any of these accounts, each account receives its own set of credentials in the form of OAuth 2.0 access and refresh tokens. The access tokens for Service Accounts are shorter-lived due to their more sensitive nature.

The role of the service account is twofold, firstly this establishes the set of permitted scopes an application can request (see Scopes) and secondly to initiate the authorization process for other account types.

More information on our security policies and processes can be found in the Cronofy Compliance Center.

Controlling access using the Enterprise Connect Dashboard #

Once connected, you can use your Enterprise Connect Dashboard to control which software providers can access your calendar service using Cronofy.

From here you can review and revoke access to applications, revoke access to profiles and relink any profiles.

Granting Access to a service Provider using Enterprise Connect #

View the following articles for instructions specific to your calendar service.

• Enterprise Connect for Office 365 and Exchange
• Enterprise Connect for Google Workspace
• Enterprise Connect for Office 365 (Graph API)