O365 Setup for Playbooks Emails
How do I set up O365 to send emails from Playbooks?
Setting Up O365 for Playbooks Emails
Playbooks allows users to send emails directly from the product using their own email accounts. These emails are tracked and reps are notified when their prospects engage with their emails.
Setting up O365 for Playbooks emails is pretty simple for most customers. The Playbooks admin will specify Microsoft Office 365 in the Email Service Provider dropdown in the Playbooks Manager > Settings > Email, and that’s it!
O365 Requires Admin Consent for Third-party Applications
If O365 has been configured to require Admin consent for 3rd Party Apps, then the following will need to be configured.
A customer’s O365 administrator must log into their Azure Active Directory and enable the admin consent for the Playbooks application. Prior to granting access, the following screen will appear with the list of permissions the Playbooks application requires to function:
Permissions Required/Granted by Playbooks for O365 OAuth Process
- Openid – Used to get an ID token with the basic user information.
- Profile – Used to provide basic user profile info.
- Email – Used to obtain the user’s email address.
- Offline_access – Used to obtain a refresh token. This is necessary so the end-user doesn’t have to go through the OAuth flow every hour. This also adds functionality by giving Playbooks the ability to scheduled emails.
- https://outlook.office.com/mail.send – Used to send email through O365 on behalf of the end-user.
- https://outlook.office.com/mail.read – Used to look for reply messages from prospects the user has created in Playbooks. This enables our reply tracking functionality.
- https:\\graph.microsoft.com\calendars.read – Used to see the users availability on their calendar.
- https:\\graph.microsoft.com\calendars.write – Used to create calendar events when a prospect requests a meeting.
O365 Administrator Actions and End User Impact
- All actions taken by the administrator occur within the customer’s O365 instance, not within Playbooks or any XANT systems.
- O365 administrator credentials are never entered, seen, used, or stored by the Playbooks application or XANT.
- Configurations that are set by the O365 administrator remains in place as part of the customer’s O365 instance unless manually removed; settings are not tied to any specific O365 administrator.
- Permissions listed above are granted for end-users with an active subscription to the Playbooks application.
- Permissions requested are for delegated permissions, meaning each end-user must go through the setup and OAuth flow upon initial use before Playbooks can access resources on their behalf.
NOTE: When consent is granted by the admin, users do not see the approval screen. They simple enter their credentials to authenticate their account. The GIF below show the user-level OAUTH authentication process from the XANT email.
- Application permissions can be configured on a per-client basis.
- Application permissions are limited to least privileged based on permissions granted by the customers O365 administrator. Meaning that if Playbooks requests permissions that were not granted during admin consent in O365, the authentication flow will halt.
For additional information regarding the admin consent process and scope, please refer to Microsoft’s documentation located at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes.
For additional information regarding the end user OAuth flow, please refer to Microsoft’s documentation located at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code.