Profile — Integrations ▸ Calendar sync & admin authorization
The Profile ▸ Integrations ▸ Calendar tab is where each staff member connects their own Google or Microsoft 365 / Outlook calendar for two-way sync with Athenty. This is a per-user preference — every member connects their own account; connecting is never done for the whole firm at once.
For what the sync actually does once connected (mirroring external events into Athenty, pushing matter deadlines out, sharing free/busy, per-user reminders), see My Calendar → Connected calendars. This page covers connecting and, importantly, what to do when your organization requires an administrator to approve the connector first.
Two-way sync vs. read-only subscribe
Section titled “Two-way sync vs. read-only subscribe”There are two different ways to get Athenty dates into a calendar. Don’t confuse them:
| Connect (this page) | Subscribe | |
|---|---|---|
| Direction | Two-way — external events flow into Athenty, and matter deadlines can flow out | One-way, read-only — Athenty dates appear in your calendar; edits never flow back |
| Sign-in | OAuth to Google / Microsoft (may need admin approval) | None — just a private URL |
| Admin involvement | May require IT-admin authorization (below) | Never |
| Best for | Seeing your real availability inside Athenty and pushing deadlines out | Quickly mirroring your Athenty dates into any calendar app |
If you only want your Athenty dates to show up in a calendar app and don’t need external events inside Athenty, use Subscribe instead — it needs no permissions and no administrator. See Subscribe in your calendar.
Connecting your calendar
Section titled “Connecting your calendar”- Open Profile ▸ Integrations ▸ Calendar.
- Under Google Calendar or Microsoft / Outlook Calendar, click Connect.
- You’re taken to Google’s or Microsoft’s own sign-in and consent screen. Review the permissions and approve.
- You’re returned to Athenty and the card shows Connected with the account’s email. Pick which calendars to sync and who can see the events.
Athenty only ever asks for delegated access — it acts as you, sees only the account you personally connect, and can be disconnected at any time from the same card (which drops Athenty’s stored tokens).
”You need admin approval” — authorizing the connector for your organization
Section titled “”You need admin approval” — authorizing the connector for your organization”Some organizations lock down which third-party apps their members may grant access to. If yours does, clicking Connect shows a message from Google or Microsoft such as “Need admin approval”, “You need admin approval”, or “admin has restricted access” — and the connection stops there. This is expected: it means your Microsoft 365 (Entra ID) or Google Workspace administrator must authorize the Athenty connector once, for the whole organization, before members can connect.
The connector, in brief (for your administrator)
Section titled “The connector, in brief (for your administrator)”Both providers register the same app, named Athenty Calendar Sync:
| Microsoft 365 / Entra ID | Google Workspace | |
|---|---|---|
| App name | Athenty Calendar Sync (Entra enterprise application) | Athenty Calendar Sync (Google Cloud OAuth client, Web application) |
| Access type | Delegated (acts as the signed-in user), multi-tenant | Delegated (per-user OAuth consent) |
| Permissions requested | Calendars.ReadWrite, offline_access, openid, email | .../auth/calendar.events, .../auth/calendar.calendarlist.readonly (read-only), openid, email |
| What it can touch | Only the mailbox of the user who connects — read/write their calendar events | Only the calendar of the user who connects — read their calendar list, read/write their events |
| Redirect / callback URL | https://api.athenty.com/v2/calendar/sync/oauth/callback | https://api.athenty.com/v2/calendar/sync/oauth/callback |
The connector uses per-user delegated OAuth: each member signs in and consents individually. It does not use Microsoft application permissions or Google domain-wide delegation, so authorizing it does not give Athenty standing access to every mailbox — it only unblocks members’ ability to connect their own calendar.
Microsoft 365 / Entra ID (Azure AD)
Section titled “Microsoft 365 / Entra ID (Azure AD)”The wall appears when your tenant’s user-consent settings are restricted (a common default in managed tenants) — “Do not allow user consent” or “Allow user consent only for apps from verified publishers.” A Global Administrator (or Privileged Role / Cloud Application Administrator) resolves it:
Option A — approve the pending request (simplest).
- When a member clicks Connect and is blocked, Microsoft can send an admin consent request. In the Microsoft Entra admin center go to Identity ▸ Applications ▸ Enterprise applications ▸ Admin consent requests.
- Find the request for Athenty Calendar Sync, review the requested
permissions (delegated
Calendars.ReadWrite,offline_access, sign-in), and Approve.
(Admin consent requests must be enabled first, under Enterprise applications ▸ Security ▸ Consent and permissions ▸ Admin consent settings, for the request to appear. If it’s off, use Option B.)
Option B — grant tenant-wide consent ahead of time.
- In the Entra admin center, go to Identity ▸ Applications ▸ Enterprise applications and search for Athenty Calendar Sync.
- Open it, go to Permissions, and choose Grant admin consent for <your organization>. Members can then connect without an individual approval prompt.
- If the app doesn’t yet appear in Enterprise applications, have one member start Connect first (which registers it in your tenant), then grant consent; or ask Athenty support for the tenant-wide admin-consent link.
What’s being consented to. Delegated Microsoft Graph permissions:
Calendars.ReadWrite (read/write the signed-in user’s calendar),
offline_access (keep syncing without re-prompting), and OpenID sign-in
(openid, email) to read the connecting account’s email address. No mail,
files, contacts, or other users’ calendars.
Google Workspace
Section titled “Google Workspace”If your Workspace restricts third-party app access (API controls), members are blocked until an administrator marks the Athenty OAuth client Trusted. A Super Admin (or an admin with the Security privilege) does this:
- In the Google Admin console, go to Security ▸ Access and data control ▸ API controls.
- Under App access control, click Manage Third-Party App Access.
- Configure a new app ▸ OAuth App Name Or Client ID, and search for Athenty Calendar Sync (or paste its OAuth client ID — obtain the exact ID from Athenty support so you trust the right client).
- Select the app, choose the organizational units / groups it applies to, and set access to Trusted. (Limiting by scope, the app only needs Google Calendar access.)
- Save. Members can now complete Connect and grant access to their own calendar.
What’s being consented to. Google OAuth scopes: read your calendar list,
read/write your calendar events, and sign-in (openid, email). No Gmail,
Drive, Contacts, or other users’ calendars.
After the administrator authorizes it
Section titled “After the administrator authorizes it”Return to Profile ▸ Integrations ▸ Calendar and click Connect again — the consent screen now completes and the card shows Connected. From there, pick the calendars to sync, choose who can see the events (default: private to you; shared scopes only ever expose a label-less Busy block), and optionally turn on pushing your Athenty matter deadlines onto the calendar. See My Calendar → Connected calendars for the full walkthrough.
Troubleshooting
Section titled “Troubleshooting”| Symptom | Cause | Fix |
|---|---|---|
| ”Need admin approval” / “You need admin approval” (Microsoft) | Tenant user-consent is restricted | Admin grants consent for Athenty Calendar Sync (Entra ▸ Enterprise applications) |
| “Access blocked: authorization error” / “admin has restricted access” (Google) | Workspace App access control blocks unconfigured/third-party apps | Admin marks the app Trusted in Admin console ▸ API controls |
| ”Unverified app” warning (Google) | Scope verification still in progress | Admin trusts the app; or proceed via Advanced if your org allows it |
| Card shows Re-auth needed | The stored token expired or was revoked | Click Reconnect on the card to re-run the same sign-in |
| Connected, but “Couldn’t load your calendars” | Token no longer valid at the provider | Click Reconnect on the card |
If your administrator has authorized the connector and members still can’t connect, contact Athenty support with the exact provider message shown so we can confirm the tenant configuration.