Oracle Recruiting Cloud

Interview Scheduling Calendar Integration – Setting up Microsoft 365 integration for

interview scheduling

October, 2023, Version 2.0

Copyright © 2023, Oracle and/or its affiliates
Public
Purpose statement
This document provides an overview of features and enhancements included in release 23D. It is intended solely
to help you assess the business benefits of upgrading to 23D and planning for the implementation and upgrade
of the product features described.

Disclaimer
This document in any form, software or printed matter, contains proprietary information that is the exclusive
property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of
your Oracle software license and service agreement, which has been executed and with which you agree to
comply. This document and information contained herein may not be disclosed, copied, reproduced or
distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your
license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or
affiliates.

This document is for informational purposes only and is intended solely to assist you in planning for the
implementation and upgrade of the product features described. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing decisions. The development, release,
timing, and pricing of any features or functionality described in this document remains at the sole discretion of
Oracle. Due to the nature of the product architecture, it may not be possible to safely include all features
described in this document without risking significant destabilization of the code.

2 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Table of contents

Oracle Recruiting Cloud Integration with Microsoft 365 4

Office 365 Integration with Oracle Recruiting Cloud 5
Register the Active Directory Application 7
Additional configuration when using “Single User” access type 7
Configure Oracle Cloud Recruiting with the Office 365 Calendar
Integration 9

3 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Oracle Recruiting Cloud Integration with Microsoft 365
This document covers how Oracle Recruiting Cloud integrates with Microsoft 365 to provide interviewer
availability when scheduling and managing interviews. The Microsoft 365 integration uses Microsoft’s Graph API
to get calendar availability and to write to users’ calendars. It's a cloud-to-cloud integration where Oracle
Recruiting Cloud calls Microsoft Graph APIs. Specific topics covered include:
 The Office 365 integration with Oracle Recruiting Cloud
 How to configure the application in the Azure Portal
 How to configure Oracle Recruiting Cloud in the Setup and Maintenance work area to connect with the
Microsoft 365 Graph API

Microsoft Products Referenced in this Document

PRODUCT DESCRIPTION LINK EXAMPLE

Azure Portal The Microsoft Azure Portal is https://portal.azure.com/#home

where Active Directory is
managed and the application is
configured for Oracle
Recruiting Cloud to connect to.

Office 365 Administration The administration home page https://admin.microsoft.com/Adminportal/Home?

for users to access Outlook 365
emails and calendars, configure
users and rooms and Office
365 licenses.

4 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Office 365 Integration with Oracle Recruiting Cloud
This section describes the overall solution view of the integration between Oracle Recruiting Cloud and Office
365. The below figure shows all the components that are involved in the solution.

As shown above, the integration between Oracle Recruiting Cloud and Office 365 is achieved through the Microsoft
authentication API and the Graph API. (https://docs.microsoft.com/en-us/graph/overview)

The authentication between Oracle Recruiting Cloud to the Azure environment is made through an application
configured at the Active Directory level. The system registered application is defining the authentication mode, the
security passcode, and the security access for this application.

Oracle Recruiting Cloud can access the Office 365 information using two different access types, referred to as “All
Users” and “Single User”.

 With “All Users” access type, Office 365 operations are performed on behalf of each user (for example, adding
a calendar event to a user’s calendar, inviting other users to this event.

o This access type allows enabling all the integration features available in Oracle Recruiting Cloud.

o When using this access type, the application needs the following application privileges:

 Calendars.ReadWrite

 User.Read.All

 With “Single User” access type, all Office 365 operations are performed using a specific user (for example, this
user acts as the meeting organizer for all calendar events, inviting other users to the event).

o This access type provides a more restricted access and more control on the Office 365 information
and operations which can be accessed by Oracle Recruiting Cloud. However a few integration features
will not be available in Oracle Recruiting Cloud. Refer to the Oracle Recruiting Cloud implementation
documentation for more details on those limitations.

o When using this access type, the application needs the following application privilege:

 Calendars.ReadWrite

5 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
With those security privileges, Oracle Recruiting Cloud will get access through REST services to the Active
Directory users (for “All Users” access type only) and the user(s) calendar using an access token for the specific
customer Office 365 Tenant ID. The full details of the application configuration is described in detail in the section
Register the Active Directory Application. The full Microsoft implementation details about authentication can
be found in this documentation https://docs.microsoft.com/en-us/graph/auth/authconcepts. For the Oracle
Recruiting Cloud solution, we are relying on the Get access without a user described here
https://docs.microsoft.com/en-us/graph/auth-v2-service.

The Oracle Recruiting Cloud administration is then used to configure the Active Directory application configured
keys into the Oracle Recruiting configuration as described in section Configure Oracle Recruiting Cloud with the
Office 365 Calendar Integration. At this point, the application tenant ID, the application ID, the secret password
and the Calendar name will be stored in Oracle Recruiting Cloud, using the Fusion OPSS credential store which is
the standard way to secure sensitive credentials in Fusion.

The Microsoft authentication API is used to get the token based on the tenant and the application information.
(https://docs.microsoft.com/en-us/graph/auth/auth-concepts)

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token

The Microsoft Graph API (https://docs.microsoft.com/en-us/graph/overview?view=graph-rest-1.0) is used to

achieve the following operations on the Active Directory and the Calendar.

 Read on the Active Directory Users (for “All Users” access type only)

 Read, Write and Delete Calendar Events

 Read the Free/Busy Calendar for specific Users

Those operations are done through REST services passing through the universal Graph API single entry point.

https://graph.microsoft.com/1.0/{resource}?{query-parameters}

The below flow describes how the free/busy calendar scenario is achieved. Note that the flow represents a high-
level view focusing on the integration points between the Fusion Oracle Cloud, the Microsoft Office 365 Cloud
API’s and the Customer Office 365 Azure Tenant.

6 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Register the Active Directory Application
This section describes the application registration in the tenant Active Directory.

The registered application is related to the configuration that the Oracle Recruiting Cloud Interview Scheduling
application will use to connect to the Azure environment (Active Directory and Graph API Rest service).
1. Login to https://portal.azure.com/#home using the credentials.
2. Click Azure Active Directory.
3. Click App registrations.
4. Click New registration.
5. Give a name to the application. For example, Oracle Recruiting Interview Scheduling Microsoft 365
Integration.
6. Select the option Accounts in this organizational directory only ({Organization Name associated to
the Azure Tenant} only - Single tenant).
7. Click Register.
8. Click the application Display Name to get the detail.
9. Click Authentication in the left Manage menu panel.
10. Click Add a platform under Platform configurations and choose the web option below Web
Applications.
11. Enter the redirect URL value to http://localhost.
12. Select the option ID tokens, shown at the bottom of the Advanced Settings section.
13. Click Configure.
14. Click Certificates & secrets in the left Manage menu panel.
15. Click New client secret.
16. Enter the description and make it not expirable.
17. Copy the password information, as it will be needed in the Oracle Recruiting Office 365 Calendar
Integration configuration settings.
18. Click API permissions in the left Manage menu panel.
19. Click Add a permission.
20. Search for permission in Microsoft Graph using the application permissions option.
21. Search for the necessary permissions and add them to the application.
 For the “All Users” access type, add the Calendars.ReadWrite(Calendars) and the
User.Read.All(User) permissions.
 For the “Single User” access type, add the Calendars.ReadWrite(Calendars) permission.
22. Click Grant admin consent for {Organization Name associated to the Azure Tenant}. This will give the
grant for those roles to the application without user consent.
23. The configuration of the application is now complete. The Oracle Recruiting Office 365 Calendar
Integration can now be configured using the following values: Application (client) ID, Directory
(tenant) ID, and the application password.

Additional configuration when using “Single User” access type

The "Single User" access type provides more control on the Office 365 information and operations which can be
accessed by Oracle Recruiting Cloud, as all operations are performed using a specific Office 365 user which can
be specified in the Oracle Recruiting Cloud configuration.

This enables additional configuration possibilities, which we strongly recommend using to increase security (best
practices):
1. A new Office 365 mailbox (user) should be created, to be used solely by the Oracle Recruiting Cloud
integration. Since other users will be receiving meeting invites from this user, give it a meaningful
name (“Recruiting Coordinator” for example). Configure this user as the “Default User Identifier” in
the Oracle Recruiting Cloud configuration.
2. The Active Directory application should restrict the application permissions to this single mailbox.
 This can be achieved using ApplicationAccessPolicy. You can find more details on
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
 When configured this way, the Calendar.ReadWrite operations are restricted to the selected
mailbox. For example, while the API will have access to the calendar availability information
7 Oracle Recruiting Cloud / Version 2.0
Copyright © 2023, Oracle and/or its affiliates / Public
 (free/busy) of all users, minimal information is retrieved (it will not have access to the
calendar event details of all users) and it will not be able to create events on behalf of all
users.

8 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Configure Oracle Cloud Recruiting with the Office 365
Calendar Integration
This section describes how the integration with Office 365 can be configured using the Enterprise Recruiting and
Candidate Experience Information administration page in the Setup and Maintenance work area.

The configuration will also validate that the integration is working properly by validating the following elements:
 Tokens can be retrieved for the Microsoft API using the configuration application
 Active Directory users can be searched through the API integration
 The calendar of the default user can be retrieved

Steps to configure the Office 365 Calendar Integration in Oracle Recruiting Cloud:
1. Log into HCM Cloud.
2. Go to the Setup and Maintenance work area and search for the task Enterprise Recruiting and Candidate
Experience Information.
3. Fill the following information:

Enterprise Recruiting and Candidate Experience Information: Office 365 Calendar Integration

SETTING NAME REQUIRED DESCRIPTION

Access Type Yes This configures how the integration accesses the Office
365 information. Possible values are “All Users” and
“Single User”.

Tenant ID Yes The tenant ID defined in the application configuration.

Application ID Yes The application ID defined in the application configuration.

Application Password Yes The application password defined in the application

configuration.

Calendar Name Yes The global calendar name that can be used to write and
delete the interview events.

Default User Depends on selected Access For the “All Users” access type, this is the fallback user ID
Identifier Type that can be used to write and delete the interview events.
This user is used in the case where the original user is not
All Users: No
able to write the event.
Single User: Yes
For the “Single User” access type, this is the user ID that is
used to perform all Office 365 operations.

4. Press the Validate Integration button to check that the configuration is set up correctly.
a. The validation checks that Oracle Cloud Recruiting can get a token by using the Tenant Id,
Application Id, and Application Password.
b. If the default admin user is defined, the validation will check that this user is in the Active
Directory and that Oracle Recruiting Cloud has access to their calendar.
5. The integration configuration is complete.

9 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public
Connect with us

Call +1.800.ORACLE1 or visit oracle.com. Outside North America, find your local office at: oracle.com/contact.

blogs.oracle.com facebook.com/oracle twitter.com/oracle

Copyright © 2023, Oracle and/or its affiliates. This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document
is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of
merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or
indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written
permission.

Oracle, Java, MySQL, and NetSuite are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

10 Oracle Recruiting Cloud / Version 2.0

Copyright © 2023, Oracle and/or its affiliates / Public