Connect Room Reservations to Your Outlook Tenant

Overview

This article covers the steps required to connect Concept3D Room Reservations to a Microsoft 365 tenant via the Outlook Calendar Integration. Completing this setup authorizes Concept3D to read and write room calendar data in the tenant via the Microsoft Graph API.

Audience: IT administrators with Microsoft Entra admin access and Concept3D Root Admin access.

Prerequisites

• A Microsoft 365 tenant with room resource mailboxes configured
• Microsoft Entra admin access (required to create app registrations and grant admin consent)

Step 1: Create an App Registration in Microsoft Entra

An app registration creates an identity for Concept3D to authenticate against the Microsoft tenant.

1. Sign in to the Microsoft Entra admin center
2. Navigate to App registrations
3. Click New registration
4. Enter a name for the application (e.g., "Concept3D Room Reservations")
5. Under Supported account types, select Accounts in any organizational directory (Any Microsoft Entra ID tenant – Multitenant)
6. Click Register
7. On the app registration overview page, record all three of the following values — they are needed in Step 4:
   • Application (Client) ID
   • Directory (Tenant) ID
   • Object ID

Screenshots — App registration setup:

Step 2: Generate a Client Secret

A client secret is the credential Concept3D uses to authenticate as the registered application.

1. In the app registration, navigate to Certificates & secrets
2. Under Client secrets, click New client secret
3. Enter a description and set an expiration period
   • Recommended: select the longest available expiration (typically 24 months)
4. Click Add
5. Copy the secret Value column immediately. Microsoft displays this value only once — it will not be visible after navigating away from this page.

Critical: Save the client secret value in a secure location before leaving this screen. If the value is lost, the secret must be deleted and a new one generated, then re-entered in Concept3D.

Step 3: Configure Microsoft Graph Application Permissions

The integration uses Microsoft Graph Application Permissions. Delegated Permissions must not be used — selecting the wrong permission type is one of the most common setup errors.

1. In the app registration, navigate to API permissions
2. Click Add a permission
3. Select Microsoft Graph
4. Select Application permissions (not Delegated permissions)
5. Search for and add each of the following permissions:
   • Calendars.ReadWrite
   • Place.Read.All
   • User.Read.All
6. After adding all three permissions, click Grant admin consent for [tenant name]
7. Confirm the grant when prompted

Critical: The integration will not function until admin consent is granted. Permissions may appear configured correctly, but sync will fail until this step is completed.

Screenshots — API permissions and admin consent:

Step 4: Share Credentials with Concept3D

Using a secure method such as a password manager, share the following information with your Concept3D Onboarding Specialist:

• Tenant ID — the Directory (Tenant) ID from the app registration
• Client ID — the Application (Client) ID from the app registration
• Client Secret — the value copied in Step 2

Your Concept3D Onboarding Specialist will validate the connection, then Space-to-calendar mappings can be configured. See Manage Space-to-Calendar Mappings.

Note on initial sync: When the integration is first enabled, only future events sync — existing past reservations are not backfilled into Outlook, and past Outlook events are not imported into Room Reservations.

Best Practices

• Use a dedicated app registration — create a registration specifically for this integration rather than reusing one shared with other applications
• Store credentials securely — the client secret grants access to room calendar data across the entire tenant; treat it like a password
• Track the secret expiration date — Microsoft client secrets expire on a fixed schedule (12–24 months). Rotate the secret before it expires to avoid an integration outage; update the new value in Concept3D immediately after generating it
• Limit permissions to what is required — the integration only needs Calendars.ReadWrite, Place.Read.All, and User.Read.All; do not add additional permissions

Troubleshooting

Integration fails after entering credentials
Admin Consent may not have been granted. Return to the app registration → API permissions and confirm that admin consent is granted for all three permissions (Calendars.ReadWrite, Place.Read.All, User.Read.All).

"Check Permissions" validation fails
Verify all of the following:

• All three Graph Application Permissions are added (not Delegated)
• Admin Consent is granted for the tenant
• The client secret has not expired
• The Tenant ID, Client ID, and Client Secret values in Concept3D exactly match the values from the app registration

Incorrect permission type selected
If Delegated Permissions were added instead of Application Permissions, remove them and re-add the correct Application Permissions, then grant Admin Consent again.

Client secret is invalid or expired
Generate a new client secret in Microsoft Entra (Certificates & secrets → New client secret), save the value immediately, and update the Client Secret field in Concept3D (Root Admin → Manage Platform → Integrations → Outlook).

Tenant mismatch
Verify that the Tenant ID entered in Concept3D matches the Directory (Tenant) ID from the app registration in Microsoft Entra. Mismatches occur when credentials from a different tenant are entered by mistake.

Note on Microsoft Admin Interfaces

Microsoft exposes room configuration across multiple admin tools. Depending on the task, administrators may need to use different interfaces:

Not all settings are available in every interface. If a setting is not visible in one tool, it may be accessible in another.

Related Articles

• Outlook Calendar Integration Overview
• Manage Space-to-Calendar Mappings