Available for | Roles | Super Admin, Admin, Team Member, Limited Team Member, Interviewer |
Permissions | • N/A | |
Packages | Lever Basic, LeverTRM, LeverTRM for Enterprise |
Connect Lever to essential workplace collaboration tools like Microsoft 365 to create a seamless workflow that enhances communication, collaboration, and organization within your recruitment workflow. The integration also allows users to log in using their Microsoft email and password, via Microsoft single sign-on (SSO). To learn more about the permissions and scopes detailed below, refer to the following Microsoft resources:
Microsoft OAuth documentation
Microsoft API scopes documentation
Permissions required by role
Please note, Lever will never access your data without your permission. In order to use Lever's integration with Microsoft 365, users will be asked to grant Lever access to certain Microsoft account permissions. These permissions may vary depending on the role. For more information on role-based access, refer to our role permission breakdown help article.
Lever accounts on Microsoft 365 may choose to grant consent and select permissions on behalf of all users instead of each user taking this action individually. For more information, refer to our help article on configuring the authentication method between Lever and Office 365.
Interviewers
Lever only needs to read a user's email address and basic identifying information in order to sign them in. Lever does not need access to interviewers' Outlook or calendar. Lever still has the ability to add events to an interviewer's Outlook calendar.
Super Admins, Admins, Team Members, and Limited Team Members
Lever will ask for permission to access Outlook email and calendar for users assigned to these roles. To review or enable permissions for your account, navigate to Settings > My account.
Access will only be utilized when Lever requires it, such as when:
- Logging in
- Scheduling interviews
- Sending email to candidates from their own email account
- Snoozing candidates (creates a calendar notification)
Authentication permissions
These permissions allow users to log in to Lever using their Microsoft email and password, via Microsoft single sign-on (SSO). These authentication permissions are required when integrating with Lever.
This allows you to log in to Lever even when you are not currently signed in to Microsoft. The ‘data’ that this provides Lever access to is only your public profile data in Microsoft 365 (user name, email address), which allows Lever to verify your identity when you log in.
These allow you to log in to Lever and have Lever remember that you are logged in, and enable the OAuth flow from Lever via Microsoft 365. This means that we do not store any user credentials, and you aren’t required to give us your Microsoft username or password.
Contacts permissions
These permissions correspond to the 'Contacts' checkbox. Your contacts may include the names, phone numbers, addresses, and other info about the people you know.
Lever users can leave this box unchecked if they want, and it will have no impact on the functionality of the email/calendar integration. We use contact data to autofill email addresses in the email editor.
Calendar permissions
These permissions correspond to the 'Calendar' checkbox. This will be used when scheduling and rescheduling interviews in Lever.
This permission allows Lever to see calendar resources tied to the domain of the user’s email address. For example, this lets Lever read the names of shared calendars a user can access so they can see them in the 'Add to calendar' dropdown when scheduling.
This technically gives Lever permission to manage calendar settings. Lever uses this to view individuals' Outlook Calendar settings, which tells us how to display calendar information in Lever: for example, which shared calendars to display in the 'Add to calendar' drop-down and how much event information a user should see in the 'view availability' finder.
This gives Lever access to your company's places such as conference rooms and room lists. This list will populate in the 'Location' field during the scheduling workflow, and your team can reserve these rooms when scheduling interviews in Lever.
Email permissions
These permissions correspond to the 'Email' checkbox. Lever uses this to sync emails between Lever and Outlook so your team can maintain a record of candidate correspondence using the communication tools your organization has selected.
Lever uses the 'read' email permission for email syncing. When a user sends an email to a candidate using Lever, there are some Lever-specific pieces of data that are added to the email headers. Lever is using the 'read' permission to read the headers of emails in a user’s inbox and sent folder, and look for messages with those Lever-specific pieces of data to sync back to the appropriate candidates in Lever. If Lever reads an email’s headers and does not find the Lever-specific data, that email is not synced and not visible within Lever. Lever uses a 'default-deny' policy and will only sync and store email threads in which the special headers are present.
It’s also possible for a user to run a task to manually sync emails from a specific candidate. Rather than reading email headers for Lever-specific pieces of data, this task searches the user’s inbox for emails to/from the email address on the candidate profile and syncs any emails that come up to the candidate’s profile. For more information, refer to our help article on syncing emails from Office 365.
While Lever reads all email headers to identify emails that should be synced, we do not read or sync the content or message of unrelated emails. If your organization has any concerns with the read permission requested, then please refer to our help article on Lever's limited email sync configuration.
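The header-only, default-deny decision described above, together with the manual per-candidate sync, sketched as an added example (this is not Lever's code). The header name `X-Example-Sync-Id` is hypothetical, since this article does not name the Lever-specific headers, and the sample messages are constructed.

```python
from email.parser import HeaderParser
from email.utils import getaddresses

# Hypothetical marker header; the article does not say which headers Lever adds.
MARKER_HEADER = "X-Example-Sync-Id"

def should_sync(raw_message, candidate_email=None):
    """Default-deny sync decision that looks at headers only, never the body."""
    headers = HeaderParser().parsestr(raw_message)  # stops parsing at the blank line
    if candidate_email is None:
        # Automatic sync: only messages carrying a non-empty marker header.
        return bool((headers.get(MARKER_HEADER) or "").strip())
    # Manual sync: match the candidate's address in the From/To headers.
    fields = headers.get_all("From", []) + headers.get_all("To", [])
    addresses = {addr.lower() for _, addr in getaddresses(fields)}
    return candidate_email.lower() in addresses

def select_for_sync(messages, candidate_email=None):
    """Return the names of the messages that would be synced, sorted."""
    return sorted(name for name, raw in messages.items()
                  if should_sync(raw, candidate_email))

# Constructed sample mailbox (not real mail).
SAMPLES = {
    "marked": ("From: recruiter@example.com\nTo: candidate@example.org\n"
               "X-Example-Sync-Id: abc123\nSubject: Interview\n\nHello"),
    # The marker text sits in the body, not in a header, so it must not match.
    "unrelated": ("From: friend@example.net\nTo: recruiter@example.com\n"
                  "Subject: Lunch\n\nX-Example-Sync-Id: in-body-only"),
    "candidate_reply": ("From: Candidate <Candidate@Example.org>\n"
                        "To: recruiter@example.com\nSubject: Re: Interview\n\nThanks"),
}

if __name__ == "__main__":
    print(select_for_sync(SAMPLES))                           # automatic sync
    print(select_for_sync(SAMPLES, "candidate@example.org"))  # manual sync
```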
Lever requests the 'send' email permission to take full advantage of the Microsoft 365 integration. When a user composes an email in Lever, they’re writing it as if they’re using their Microsoft user account, and sending the email actually sends it from that user’s Outlook email, so it appears in their work 'Sent' folder as well. This permission is used by Lever to allow users to voluntarily compose and send emails to candidates. We don’t use any part of this permission to send emails on behalf of users without them taking an action to prompt sending an email.
Scope summary table
Here is a summary table of the scopes associated with the Microsoft 365 integration.
Category | Scope | Display String | Description |
Authentication | | View users' email address | Allows the app to read your users' primary email address. |
Authentication | openid | Sign users in | By using this permission, an app can receive a unique identifier for the user in the form of the sub claim. The permission also gives the app access to the UserInfo endpoint. The openid scope can be used at the Microsoft identity platform token endpoint to acquire ID tokens. The app can use these tokens for authentication. |
Authentication | profile | View users' basic profile | Allows the app to see your users' basic profile (name, picture, user name). |
Authentication | User.ReadBasic.All | Read all users' basic profiles | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user. |
Authentication | User.Read.All | Read all users' full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. |
Contacts | Contacts.Read | Read user contacts | Allows the app to read user contacts. |
Scheduling | Calendars.ReadWrite | Have full access to user calendars | Allows the app to create, read, update, and delete events in user calendars. |
Scheduling | Calendars.ReadWrite.Shared | Read and write user and shared calendars | Allows the app to create, read, update and delete events in all calendars the user has permissions to access. This includes delegate and shared calendars. |
Scheduling | Place.Read.All | Read all company places | Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant. |
Emailing | Mail.Read | Read user mail | Allows the app to read email in user mailboxes. |
Emailing | Mail.ReadWrite | Read and write access to user mail | Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail. |
Emailing | Mail.Send | Send mail as a user | Allows the app to send mail as users in the organization. |
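One way a tenant administrator can check a delegated grant against the scopes listed in this table and the per-role sections (an added example, not Lever's or Microsoft's code). The grant dictionaries mimic the `scope` and `consentType` fields of Microsoft Graph `oauth2PermissionGrant` objects and are constructed sample data. The `email` scope is an assumption for the table row that carries no scope name.

```python
# Added example: classify the scopes in a delegated grant against this article's table.
DOCUMENTED = {
    # "email" is an assumption: the row "View users' email address" has no scope name.
    "Authentication": {"openid", "profile", "email", "User.ReadBasic.All", "User.Read.All"},
    "Contacts": {"Contacts.Read"},
    # Microsoft Graph spells the shared-calendar scope "Calendars.ReadWrite.Shared".
    "Scheduling": {"Calendars.ReadWrite", "Calendars.ReadWrite.Shared", "Place.Read.All"},
    "Emailing": {"Mail.Read", "Mail.ReadWrite", "Mail.Send"},
}
# Per the role sections: interviewers only need sign-in data; the other roles are
# asked for email and calendar access, and the Contacts checkbox is optional.
FULL = set(DOCUMENTED)
ROLE_CATEGORIES = {
    "Interviewer": {"Authentication"},
    "Super Admin": FULL, "Admin": FULL, "Team Member": FULL, "Limited Team Member": FULL,
}
CATEGORY_OF = {s.lower(): cat for cat, scopes in DOCUMENTED.items() for s in scopes}

def audit_grant(grant, role):
    """Sort each scope of a grant into expected / beyond_role / undocumented."""
    allowed = ROLE_CATEGORIES[role]
    report = {
        # consentType "AllPrincipals" means an admin consented for every user.
        "tenant_wide": grant.get("consentType") == "AllPrincipals",
        "expected": [], "beyond_role": [], "undocumented": [],
    }
    # Graph stores delegated scopes as one space-separated string.
    for scope in grant.get("scope", "").split():
        category = CATEGORY_OF.get(scope.lower())
        if category is None:
            report["undocumented"].append(scope)
        elif category in allowed:
            report["expected"].append(scope)
        else:
            report["beyond_role"].append(scope)
    return report

# Constructed sample grants (not real tenant data).
INTERVIEWER_GRANT = {"consentType": "Principal", "scope": "openid profile email Mail.Read"}
ADMIN_GRANT = {"consentType": "AllPrincipals",
               "scope": " openid profile User.Read.All Calendars.ReadWrite Mail.Send Files.ReadWrite.All"}

if __name__ == "__main__":
    print(audit_grant(INTERVIEWER_GRANT, "Interviewer"))
    print(audit_grant(ADMIN_GRANT, "Admin"))
```

Scopes reported as `undocumented` or `beyond_role` are the ones to question during a consent review before approving or keeping the grant.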