Configuring the authentication method between Lever and Office 365

Follow
Available for User roles Super Admin
Packages All packages

 

This integration is only available to teams that are entirely based on Office 365 and are not using any on-premise Exchange servers. If you are not sure about your company’s configuration, please ask a member of your IT team to reach out to our Support team. This integration is not compatible with Office 365 GCC High at this time.

There are many components to our Office 365 integration that overlap with the ways in which you work in Lever such as login, email, and scheduling. In this article, you will learn how you can configure the authentication method by which can grant Lever permission to sync users' email, calendar, and/or contacts with Office 365.

Configuring how users authorize Lever’s Office 365 integration

Note that account syncing between Lever and Office 365 is an opt-in feature. Lever will only sync if consent has been provided. Lever uses an authentication standard known as OAuth. By adhering to this standard, Lever does not receive or store your users' Office 365 credentials. To learn more, refer to Microsoft's help article on OAuth.

If you are using Lever’s Office 365 integration, there two options for authentication: 

  1. Users to individually authorize Lever (recommended) 
    Enables users to choose to sync their email, calendar, and/or contacts.
  2. Office 365 administrator configured
    Require Office 365 administrator to grant and select permissions for all users.

By default, your Lever account will be set to allow users to individually consent to syncing their email, calendar, and/or contacts. Users with Office 365 administrator permission and Super Admin access in Lever can configure the authentication method via their Company Settings (by navigating to Settings > Company Settings).

Office 365 OAuth configration options

If you selection the option to have your organization's Office 365 administrator to grant consent and selection permissions for all users, a popup will appear requiring you to confirm that you are an Office 365 administrator. Only an Office 365 administrator will have the ability to accept the email and calendar permissions required in the following step.

Authorize Office 365 integration popup

After clicking the Go to O365 Auth button, you will be prompted to enter your credentials and then asked to accept the email and calendar permissions that Lever is requesting. After accepting, you will be taken back to your Company Settings page in Lever where you will find the the Office 365 administrator configured authorization option is selected.

Authorization method effects and prerequisites

Office 365 administrator configured

Configuring the option to require authorization from your organization's Office 365 administrator means that when one of the users in your Lever environment logs in, Lever will be automatically granted access to the permissions for which their Office 365 administrator has given consent. Upon logging in, users will not be prompted to grant Lever access to these permissions, and they will not have the ability to grant or revoke access to these permissions from their personal account settings.

Personal account permission checkboxes for contacts, calendar, and email.

Users individually authorize Lever

If you have decided to let your organization's Lever users to individually authorize Lever and select which permissions they consent to, you must ensure that the 'Users can consent to apps accessing company data on their behalf' setting  in the User settings section of your Azure Administrator Portal (pictured below) is set to 'Yes.'

User settings page in Azure Admin portal

After logging into Lever, users will be able to grant Lever access to the permissions of their choosing via their personal account settings. Users also retain the ability to revoke any of the permissions they have granted at any time. To learn more, refer to our help article on configuring personal account settings.

Was this article helpful?
0 out of 0 found this helpful