This guide provides detailed instructions for configuring Single Sign-On (SSO) and email integration for Parspec using Microsoft’s Entra Admin Center. This document will help IT administrators manage user consent, ensure a smooth integration process,
Overview
Parspec’s integration with Microsoft requires user consent for accessing the user’s Microsoft account details, specifically for SSO (Single Sign-On) and email integration using the Graph API for sending emails. Depending on your organization’s consent settings in the Entra Admin Center, users may need to request admin approval to enable these integrations.
Consent Options in Microsoft Entra Admin Center
The Microsoft Entra Admin Center provides three different consent settings for applications like Parspec. Based on the consent configuration, the process will differ:
1. Allow Users to Consent for the App
When the IT admin enables the setting that allows users to consent for apps:
- Users will be prompted directly by Microsoft to provide consent when they attempt to log in using SSO or connect their Outlook account for email integration.
- During the login process, the user will see a popup requesting permission for Parspec to access certain information from their Microsoft account for SSO
- For email integration, the user will need to connect their outlook email in Settings -> My Profile -> Preferences. When connecting the user will see a popup requesting permission for Parspec to allow the Mail.Send permission (a restricted scope used for sending emails via the user’s Microsoft tenant).
2. Require Admin Consent for App Requests
If the IT admin requires all app consent requests to go through admin approval, the following cases may arise:
Case 1: Users Are Allowed to Send Admin Consent Requests
- When users attempt to log in with SSO or integrate their email, they will be prompted to send a consent request to the admin.
- The admin can review these requests by navigating to:
- Entra Admin Center -> Enterprise Applications -> Admin Consent Requests
- The admin can review the requested permissions (e.g., SSO, Mail.Send) and grant or deny the request based on their security policies.
- Once approved, users will be able to proceed with the integration.
Case 2: Users Are Not Allowed to Send Admin Consent Requests
- In this case, when users attempt to log in via SSO or connect their email account, they will receive an error stating that consent is required.
- The admin must manually grant consent by navigating to:
- Entra Admin Center -> Enterprise Applications -> Parspec -> Permissions -> Grant Admin Consent for App
- Once consent is granted, users will be able to log in and use the email integration without further issues.
Step-by-Step Instructions for IT Admins
Scenario 1: Granting Admin Consent for Parspec (For Restricted Scope Permissions)
Follow these steps if admin consent is required:
- Log in to the Entra Admin Center.
- Navigate to Enterprise Applications.
- Find and select Parspec from the list of applications
- There will be one application for SSO and a separate Parspec application for the Email integration
- Under the Permissions tab, click Grant Admin Consent for App.
- Review the requested permissions (e.g., Mail.Send) and confirm to grant access.
Scenario 2: Reviewing Admin Consent Requests
If users are allowed to send consent requests:
- Navigate to Entra Admin Center -> Enterprise Applications -> Admin Consent Requests.
- Review the requested permissions for Parspec.
- Approve or deny the consent request based on your organization’s policies.
Microsoft Resources for Further Assistance
•Microsoft Entra Admin Center Documentation
•Consent and Permissions in Microsoft Graph
For any further assistance with Parspec integration, please contact your IT admin or the Parspec support team.