Skip to main content
All CollectionsSecurity, Privacy and Terms
SSO and Email Integration with Microsoft: IT Documentation

SSO and Email Integration with Microsoft: IT Documentation

This guide provides detailed instructions for configuring Single Sign-On (SSO) and email integration for Parspec using Microsoft’s Entra Admin Center. This document will help IT administrators manage user consent, ensure a smooth integration process,

Tom Murphy avatar
Written by Tom Murphy
Updated over 3 months ago

Overview

Parspec’s integration with Microsoft requires user consent for accessing the user’s Microsoft account details, specifically for SSO (Single Sign-On) and email integration using the Graph API for sending emails. Depending on your organization’s consent settings in the Entra Admin Center, users may need to request admin approval to enable these integrations.

Consent Options in Microsoft Entra Admin Center

The Microsoft Entra Admin Center provides three different consent settings for applications like Parspec. Based on the consent configuration, the process will differ:

1. Allow Users to Consent for the App

When the IT admin enables the setting that allows users to consent for apps:

  • Users will be prompted directly by Microsoft to provide consent when they attempt to log in using SSO or connect their Outlook account for email integration.

  • During the login process, the user will see a popup requesting permission for Parspec to access certain information from their Microsoft account for SSO

  • For email integration, the user will need to connect their outlook email in Settings -> My Profile -> Preferences. When connecting the user will see a popup requesting permission for Parspec to allow the Mail.Send permission (a restricted scope used for sending emails via the user’s Microsoft tenant).

2. Require Admin Consent for App Requests

If the IT admin requires all app consent requests to go through admin approval, the following cases may arise:

Case 1: Users Are Allowed to Send Admin Consent Requests

  • When users attempt to log in with SSO or integrate their email, they will be prompted to send a consent request to the admin.

  • The admin can review these requests by navigating to:

    • Entra Admin Center -> Enterprise Applications -> Admin Consent Requests

  • The admin can review the requested permissions (e.g., SSO, Mail.Send) and grant or deny the request based on their security policies.

  • Once approved, users will be able to proceed with the integration.

Case 2: Users Are Not Allowed to Send Admin Consent Requests

  • In this case, when users attempt to log in via SSO or connect their email account, they will receive an error stating that consent is required.

    ​​

  • The admin must manually grant consent by navigating to:

    • Entra Admin Center -> Enterprise Applications -> Parspec -> Permissions -> Grant Admin Consent for App

  • Once consent is granted, users will be able to log in and use the email integration without further issues.

Step-by-Step Instructions for IT Admins

Scenario 1: Granting Admin Consent for Parspec (For Restricted Scope Permissions)

Follow these steps if admin consent is required:

  1. Log in to the Entra Admin Center.

  2. Navigate to Enterprise Applications.

  3. Find and select Parspec from the list of applications

    1. There will be one application for SSO and a separate Parspec application for the Email integration

  4. Under the Permissions tab, click Grant Admin Consent for App.

  5. Review the requested permissions (e.g., Mail.Send) and confirm to grant access.

Scenario 2: Reviewing Admin Consent Requests

If users are allowed to send consent requests:

  1. Navigate to Entra Admin Center -> Enterprise Applications -> Admin Consent Requests.

  2. Review the requested permissions for Parspec.

  3. Approve or deny the consent request based on your organization’s policies.

Enforce SSO Across Account

To enable SSO enforcement across the entire account, please contact support@parspec.io to have this feature activated. Once enabled, an account admin must ensure that IT has granted Admin Consent for Parspec in the Entra Admin Center.

  1. After the necessary SSO Graph API permissions have been granted, the admin can proceed as follows:

    1. Navigate to SettingsUser ManagementSSO Settings

  2. Under SSO Settings, toggle “Enforce SSO for all users”.

  3. Once SSO enforcement is enabled:

    1. All current users who do not have SSO already enabled will be logged out of the application and sent an email from support@parspec.io with a call-to-action (CTA) link to log back in via Microsoft SSO.

    2. New users added after SSO enforcement will default to account creation via SSO.

    3. Users will no longer be able to connect any Microsoft account outside the tenant from which they were originally invited.

    4. Login via any method other than SSO will be disabled entirely.

    5. Additionally, revoking a user’s Microsoft access will automatically revoke their access to Parspec.

Microsoft Resources for Further Assistance

Microsoft Entra Admin Center Documentation

Consent and Permissions in Microsoft Graph

For any further assistance with Parspec integration, please contact your IT admin or the Parspec support team.

Related Articles
Email Quotes to Customers
Email Package to Customers
Did this answer your question?