Fishbowl
Browse documentation

Microsoft 365 Entra App Registration (Application Permissions)

This method registers an application in Microsoft Entra ID that uses application-level permissions to access room calendars. Credentials are entered once during device linking and encrypted for each device. No interactive sign-in is required on the device itself.

You will need a Microsoft 365 account with Global Administrator or Application Administrator privileges.

  1. Register an application in Microsoft Entra ID
  2. Add API permissions
  3. Grant admin consent
  4. Create a client secret
  5. Configure Fishbowl

Before starting, make sure you have a Room Mailbox set up. See Microsoft 365 Configuration for instructions.

1. Register an application in Microsoft Entra ID

  1. Log into the Microsoft Entra admin center.
  2. In the left menu, navigate to Identity > Applications > App registrations.
  3. Click + New registration.
  4. Enter a name for the application (e.g. "Fishbowl Meeting Room Display").
  5. Under Supported account types, select Single tenant only.
  6. Leave the Redirect URI field blank.
  7. Click Register.
  8. On the application overview page, make a note of the Application (client) ID and the Directory (tenant) ID. You will need these when configuring Fishbowl.

2. Add API permissions

  1. In the left menu of your newly registered application, click API permissions.
  2. Click + Add a permission.
  3. Select Microsoft Graph.
  4. Select Application permissions (not "Delegated permissions").
  5. Search for Calendars.ReadWrite and select the checkbox.
  6. Click Add permissions.

After adding the permission, you will see it listed with a status of "Not granted".

  1. Click the Grant admin consent for [your organisation] button.
  2. Confirm by clicking Yes.
  3. The status should update to "Granted".

Only a Global Administrator can grant admin consent. If you do not have this role, ask your Global Administrator to grant consent for the application.

4. Create a client secret

  1. In the left menu of your application, click Certificates & secrets.
  2. Click + New client secret.
  3. Enter a description (e.g. "Fishbowl") and select an expiry period.
  4. Click Add.
  5. Copy the secret value immediately. It will not be shown again after you leave this page.

When the client secret expires, Fishbowl will no longer be able to access your calendars. You will need to create a new secret and update the credentials in Fishbowl. Consider setting a calendar reminder before the expiry date.

5. Configure Fishbowl

  1. When linking devices on the Fishbowl web dashboard, select Microsoft as the calendar type.
  2. Select Entra App Registration as the authentication method.
  3. Enter the Application (client) ID, Directory (tenant) ID, and the Client Secret that you noted in the previous steps.
  4. For each device, enter the email address of the Room Mailbox that the device should display.