Documentation
Start typing to search…

How to update permission settings to enable automatic deletion of calendar events

Introduction

We’re adding protection for malicious calendar invites. To enable this feature, the Sublime app requires updated permission that includes Calendar. This allows Sublime to detect and remediate harmful calendar events and aligns with the same security and privacy posture as your current setup.

Setup

Cloud-managed Google Workspace

  1. Sign into the Google Workspace admin interface at https://admin.google.com
  2. In the lefthand sidebar, click Apps → Google Workspace Marketplace apps → Apps list
  3. Click on Sublime Platform in the list of domain installed apps
  4. Grant access
  5. Allow up to 24 hours for changes to propagate

Self-managed Google Workspace

  1. Add the Calendar API scope to your existing domain-wide delegation client (ID: 112905660299333414135): https://www.googleapis.com/auth/calendar.events
  2. Enable the Google Calendar API in your project
  3. Allow up to 24 hours for changes to propagate

Cloud-managed Microsoft 365

  1. Visit your organization‑specific authorization link to start the Microsoft consent flow. You can access the link by going into your Azure Portal https://portal.azure.com/#home → Enterprise Applications → Sublime → Permissions under Security → Click "Grant admin consent for [Company]"
    1. Or you can also access by going into your Azure Portal -> App Registrations → Sublime → Manage → API Permissions → Click "Grant admin consent for [Company]"
  2. Accept the request that now includes “Read and write calendars”
  3. Allow up to 24 hours for changes to propagate

Self-managed Microsoft 365

  1. Add the application permission Calendars.ReadWrite to your Azure AD app
  2. Grant admin consent
  3. Allow up to 24 hours for changes to propagate

That's it!

Tips for further securing your Google calendar

Depending on how Google Workspace is configured, attackers may be able to add meetings to calendars without sending an email. To prevent these “silent” invitations, you can change the following org-wide settings. In Google Workspace Admin Console, go to Apps → Google Workspace → Calendar → Advanced settings. Set Add invitations to my calendar to “Invitations from known senders” or “Invitations users have responded to via email”.

As of publication, we have not verified a similar mitigation strategy for Microsoft 365.


Updated 10 days ago