Required Calendar Permissions for Daily Break

Please share this with your MS Outlook admin personnel. With the help of these permissions, break suggestions will appear in the free spots of calendars.


Overview

Bright Breaks allows users to connect their Outlook & Google calendar for the purpose of filtering out breaks that conflict with events in their calendar. The same mechanism is used by the “Daily Break” feature where short breaks are recommended to users based on free time in the users’ calendars.

How Permissions Are Given

To connect their calendar, the user follows an OAuth 2.0 flow to consent to a limited set of permissions.

Bright Breaks requires the user to consent to “offline access”, i.e., providing Bright Breaks a refresh token so that Bright Breaks’ server can read the required info from the user’s calendar at any time unless and until the user revokes permission. The user can revoke this permission at any time through their Bright Breaks settings at brightbreaks.com/client/settings (or directly through their Outlook or Google account).

Aside from the refresh token and the email address associated with the calendar, information about a user’s calendar is never stored on Bright Breaks’ servers.

Outlook Calendar Permissions

In order for Bright Breaks to be able to determine when a user has free time, we require the Calendars.ReadBasic permission (see https://docs.microsoft.com/en-us/graph/permissions-reference). This allows Bright Breaks to read events in user calendars, except for properties such as body, attachments, and extensions. The only information we use is when events in the user’s calendar begin and end in order to determine when a user is available to take a break.

In addition, we require the User.ReadBasic permission. We use this only to retrieve the email address associated with the calendar being connected, since this is a parameter that is necessary when determining calendar availability.

In order for integration permission to be granted on Outlook, an Admin Outlook user needs to:

  • Create their Bright Breaks account by selecting Sign Up in the top right-hand corner on the booking page
  • Opt in to calendar integration through their own Bright Breaks account (via the Fits Schedule toggle on the Bright Breaks Booking Page)
  • Consent on behalf of their organization. This enables individuals within the organization to consent to the calendar permissions. This does not eliminate the requirement that each individual follows an OAuth 2.0 flow to give consent for their calendar.
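An admin reviewing what was actually consented can compare the tenant's delegated grants against the Outlook scopes named above. The following is an added example, not Bright Breaks' code: it assumes grants exported as Microsoft Graph oauth2PermissionGrant JSON, and the sample records, ids and the `audit_grants` helper are constructed for illustration.

```python
import json

# Outlook scopes named on this page. "offline_access" is the Microsoft identity
# platform scope behind the page's "offline access" (refresh token) consent.
DOCUMENTED_SCOPES = {"Calendars.ReadBasic", "User.ReadBasic", "offline_access"}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects.
# All ids are placeholders, not real tenant or vendor values.
SAMPLE_GRANTS = json.loads("""
[
  {"id": "grant-1", "clientId": "sp-brightbreaks-placeholder",
   "consentType": "Principal", "principalId": "user-a",
   "scope": " Calendars.ReadBasic User.ReadBasic offline_access"},
  {"id": "grant-2", "clientId": "sp-brightbreaks-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "scope": "Calendars.Read User.ReadBasic offline_access"},
  {"id": "grant-3", "clientId": "sp-other-app-placeholder",
   "consentType": "Principal", "principalId": "user-b",
   "scope": "Mail.Read"}
]
""")


def audit_grants(grants, client_id, documented=DOCUMENTED_SCOPES):
    """Return one finding per grant of `client_id` holding undocumented scopes."""
    allowed = {s.casefold() for s in documented}
    findings = []
    for grant in grants:
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        # Graph stores the granted scopes as one space-separated string.
        scopes = (grant.get("scope") or "").split()
        extra = sorted(s for s in scopes if s.casefold() not in allowed)
        if extra:
            findings.append({
                "grant": grant.get("id"),
                # "AllPrincipals" = consented on behalf of the organization
                "consent_type": grant.get("consentType"),
                "principal": grant.get("principalId"),
                "undocumented_scopes": extra,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-brightbreaks-placeholder"):
        print(finding)
```

In the constructed data, grant-2 is reported because Calendars.Read exposes full event details, which is broader than the Calendars.ReadBasic access described above.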

Google Calendar Permissions

If your organization uses Google Calendar, there is likely no action needed at an admin level as permissions are granted by the user when connecting their calendar.

For Google Calendar integration, we require the user to consent to the googleapis.auth.calendar.freebusy permission (see https://developers.google.com/identity/protocols/oauth2/scopes).

This permission allows Bright Breaks to get a list of blocks of times when the user is busy. There is no additional information available to Bright Breaks. For example, Bright Breaks cannot read information about the events in the user’s calendar.

Google OAuth 2.0 freebusy Scopes


User View of Prompt for Consent
