Playbooks allows users to send emails directly from the product using their own email accounts. These emails are tracked and reps are notified when their prospects engage with their emails.
Setting up O365 for Playbooks emails is pretty simple for most customers. The Playbooks admin will specify Microsoft Office 365 in the Email Service Provider dropdown in the Playbooks Manager > Settings > Email, and that's it!
O365 Requires Admin Consent for 3rd Party Applications
If O365 has been configured to require Admin consent for 3rd Party Apps, then the following will need to be configured.
A customer’s O365 administrator must log into their Azure Active Directory and enable the admin consent for the Insidesales.com Playbooks application. Prior to granting access, the following screen will appear with the list of permissions the Playbooks application requires to function:
Permissions required/granted by Playbooks as part of the end-user O365 OAuth process:
Openid - Used to get an ID token with the basic user information
Profile - Used to provide basic user profile info
Email - Used to obtain the user’s email address
Offline_access - Used to obtain a refresh token.This is necessary so the end-user doesn’t have to go through the OAuth flow every hour.This also adds functionality by giving Playbooks the ability to scheduled emails
https://outlook.office.com/mail.send - Used to send email through O365 on behalf of the end-user
https://outlook.office.com/mail.read - Used to look for reply messages from prospects the user has created in Playbooks.This enables our reply tracking functionality
It is important to note the following regarding 0365 administrator actions and end-user impact:
- All actions taken by the administrator occur within the customer’s O365 instance, not within Playbooks or any Insidesales.com systems.
- O365 administrator credentials are never entered, seen, used, or stored by the Playbooks application or Insidesales.com
- Configurations that are set by the O365 administrator remains in place as part of the customer’s O365 instance unless manually removed; settings are not tied to any specific O365 administrator
- Permissions listed above are granted for end-users with an active subscription to the Playbooks application
- Permissions requested are for delegated permissions, meaning each end-user must go through the setup and OAuth flow upon initial use before Playbooks can access resources on their behalf
- Application permissions can be configured on a per-client basis.
- Application permissions are limited to least privileged based on permissions granted by the customers O365 administrator.Meaning that if Playbooks requests permissions that were not granted during admin consent in O365, the authentication flow will halt.
For additional information regarding the admin consent process and scope, please refer to Microsoft’s documentation located at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes.
For additional information regarding the end user OAuth flow, please refer to Microsoft’s documentation located at https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code.