Configuring the authorization method between Lever and Office 365

Follow
Available for Roles Super Admin
Users need Office 365 administrator permission to configure the authorization method
Permissions • Manage company settings
Packages Lever Basic, LeverTRM, LeverTRM for Enterprise

 

This integration is only available to teams that are entirely based on Office 365 and are not using any on-premise Exchange servers. If you are not sure about your company’s configuration, please ask a member of your IT team to reach out to our Support team. This integration is not compatible with Office 365 GCC High at this time.

Lever's Office 365 integration overlaps with the ways in which you work in Lever such as login, email, and scheduling. In this article, you will learn how you can configure the authentication method by which can grant Lever permission to sync users' email, calendar, and/or contacts with Office 365.


Authorization options

Account syncing between Lever and Office 365 is an opt-in feature and Lever will only sync if consent has been provided. Lever uses an authentication standard known as OAuth. By adhering to this standard, Lever does not receive or store your users' Office 365 credentials. To learn more, refer to Microsoft's help article on OAuth.

There are two options for authorization with Lever’s Office 365 integration:

  1. Users individually authorize Lever (recommended)
    Enables users to choose to sync their email, calendar, and/or contacts.
  2. Office 365 administrator configured
    Require Office 365 administrator to grant consent and select permissions for all users.

By default your Lever instance will be set to option 1, "Users individually authorize Lever." Users will choose to sync their email, calendar, and/or contacts.

Configuring the Office 365 authorization method

Before proceeding, you must grant tenant-wide consent for Lever in your Office 365. View the steps in Office 365's article: Grant tenant-wide admin consent to an application. Users with Office 365 administrator permission and Super Admin access in Lever can configure the authorization method.

  • Navigate to Settings > Company
  • Navigate to the Permissions for Email/Calendar integration section

By default your Lever instance will be set to "Users individually authorize Lever." This means that users in your Lever instance will each choose to sync their own email, calendar, and/or contacts.

Screenshot_2023-04-03_at_10.08.06_AM.png

The second authorization method is Office 365 administrator configured. This means that the Office 365 administrator will grant consent and select permissions for all Lever users:

  • Select "Office 365 administrator configured"

Screenshot_2023-04-03_at_10.08.06_AM_copy.png

  • In the configuration modal, check the box confirming you are an administrator for your company's Office 365 account
  • In the Office 365 permissions section, check the boxes Calendar, Contacts, and Email boxes for the permissions you wish to enable, including Full or Limited email sync
  • Click the blue Go to 0365 Auth button

Only an Office 365 administrator will have the ability to accept the email and calendar permissions required in the following steps.

Screenshot_2023-04-03_at_10.24.34_AM.png

  • In the Office 365 sign in page, enter your Office 365 administrator credentials
  • Review the list of permissions requested and click the Accept button

Screenshot_2023-04-03_at_10.28.31_AM.png

After accepting, you will be taken back to the Settings > Company page in Lever where you will see the the Office 365 administrator configured authorization option is selected.

Other users in your Lever instance must now re-authenticate using Microsoft SSO to use the Microsoft Email and Calendar integration as newly configured.

Authorization method effects

Users individually authorize Lever

If you have decided to let your organization's Lever users to individually authorize Lever and select which permissions they consent to, you must ensure that 'allow user consent for apps' is selected in the User consent settings section of your Entra ID Administrator Portal. 

User consent settings page in Entra Admin portal

After logging into Lever, users will be able to grant access to the permissions of their choosing in Settings > My account.

Screenshot_2023-04-03_at_11.49.03_AM.png

Users also retain the ability to revoke any of the permissions they have granted at any time. To learn more, refer to our help article on configuring personal account settings.

Office 365 administrator configured

Configuring the option to require authorization from your organization's Office 365 administrator means that when one of the users in your Lever environment logs in, Lever will be automatically granted access to the permissions for which their Office 365 administrator has given consent. Upon logging in, users will not be prompted to grant Lever access to these permissions, and they will not have the ability to grant or revoke access to these permissions from their personal account settings.

Was this article helpful?
0 out of 1 found this helpful