Accounts with an active Microsoft 365 integration are advised to migrate to the new authentication mechanism by reconnecting their Microsoft 365 account.
To do so, visit your Settings > Integrations page and click Reconnect Microsoft 365.
After that, the two toggles for Outlook email and calendar will become available and against each toggle, a Reconnect prompt will be displayed.
Note: It's not a requirement to be a Microsoft 365 admin to initiate this. Depending on your organization's 365 settings though, admin approval may be required to complete the setup.
- After clicking Reconnect, a pop up window will appear, prompting you to sign in to Microsoft 365
- Review the permissions and select the checkbox to "Consent on behalf of your organization"
- Confirm the connection
- If desired, repeat these steps so that email and calendar are both activated
In case admin approval is needed, you will see the following screen:
At this point, you can either create an approval link and share it with your Microsoft 365 admin or ask your IT team to configure how users consent to applications like Workable.
Create an approval link
- On the Settings > Integrations page in Workable, an option will appear under the 365 integration that prompts you to generate an approval link
- This link should be sent to the administrator of your Microsoft 365 account (usually an IT person at your company)
- When the 365 admin accesses this link they will be prompted to review the permissions that Workable has requested and approve the connection
You'll now be able to successfully complete the setup steps above.
Configure user consent settings
Alternatively, your IT team could configure how users consent to applications. They can check the instructions of this guide. In short:
- Sign in to the Azure portal as a Global Administrator
- Select Azure Active Directory > Enterprise applications > Consent and permissions > User consent settings
- Under User consent for applications, select which consent setting you want to configure for all users. Essentially, the second (depending on your account configuration) and the third option will ensure user consent without the need for an admin's approval.
- Select Save to save your settings.
Connecting individuals' accounts
After the migration, individual account members will need to re-authenticate and connect their 365 accounts on first use. When they try to email or schedule with a candidate for the first time, they’ll be prompted to authenticate their own 365 accounts. This is a one-time process.
It's also possible to prompt users to connect their accounts without them trying to send an email/event in Workable. A Super admin could share with them a link in this format:
https://[subdomain].workable.com/auth/microsoft?
pdr=microsoft&pdr_connect=true&prompt=consent&permit=basic,email,calendar
Replace the [subdomain] with your Workable subdomain; it is the first part of the URL you see when signed in to Workable. This link will automatically redirect users to the permissions window to connect their 365 accounts.
Migration for accounts with the alternate configuration
The old alternate configuration setup will not be supported with the new Graph API. Once you migrate to the new authentication it is up to you to decide how you control the users that connect their accounts. After the integration is enabled for the account, each user will be prompted to authenticate their accounts; if they don't complete this process Workable will not have access to their email and calendar. Depending on your needs you can also consider the following:
- Set as Reviewers (limited access) users who you don't wish to send emails/events
- Your IT team can revoke access (in M365) if a user connects their account to Workable while they shouldn't
- For a more restricted configuration contact Microsoft for further assistance on setting this up