Team creation approval workflow
There are different Team creation approval workflows in nBold that could be configured using one of the below mentioned options:
- Approval email sent by nBold: This is the default and easiest option, works without any configuration.
- Approval email sent by your organization: If you need advanced security/compliance control over your notification emails.
- Microsoft Teams Approval App: A Microsoft Teams native experience, that you can customize using Power Automate or Logic Apps.
- Use your own custom app: Bring your own aproval workflow as a custom application.
Approval email sent by nBold
How does it work?
This is the option enabled by default in any new organization, and doesn't require any configuration. In this mode, the approval process is implemented as an Outlook actionable email, send from the notifications@salestim.io address.
nBold does NOT collect ANYTHING from these notification emails, neither openings, nor clicks, and does not include any invisible image or other form of tracker.
What about security?
Actionable messages security is guaranteed by:
- The fact that the actionable message could only be used from the context of a secured Outlook client, and that end-user authentication is entirely managed by the Outlook client (Desktop, Web and Mobile) by providing to the actionable message the required token.
- A sender verification is enforced using signed cards. See: Sender verification
- Phishing prevention is ensured by using a Card Signing mechanism
- Requests sent by the actionable message are verified to ensure that they originate from Microsoft. See: Verifying that requests come from Microsoft
- The token provided by Outlook to the actionable message is used to verify the end-user identity. See: Verifying the identity of the user.
Learn more by reading Security requirements for actionable messages in Office 365.
As a Microsoft 365 administrator, you can directly manage an end-user mailbox rules, and add the notifications@salestim.io address to its "Safe Senders" list.
See Use Exchange Online PowerShell to configure the safelist collection on a mailbox
Approval email sent by your organization
How does it work?
For advanced control over your approval notification emails (for instance to implement custom Exchange transport rules), you can configure nBold to send your approval emails from your own internal email as a sender.
What do I have to do?
You need to enable the service account that you configured in nBold to be authorized to send actionable messages. For that, and to ensure the security around the messages that are sent, Microsoft require to follow these quick steps:
- Open the Actionable Email Developer Dashboard and login with a Microsoft 365 user with
Exchange AdministratororGlobal administratorpermissions. - Select
New provider
Fill the form:
- Friendly Name:
nBoldOrTeams Approvalfor example - Provider Id (originator): Copy the value that is Automatically generated
- Organization Info: Automatically generated
- Sender email address from which actionable emails will originate: Your service account email address
- Target URLs:
https://api.salestim.io - Public Key:
<RSAKeyValue><Modulus>k0Qqob12HSdll52CbnXkQNW6nZO9477sE9pI8Y6z5M8hPtJinAf2r41Sxss3Y9oP1nzcfs3fHpi1AUjffyD44I2FxmqF+FGfgKsuWeYce/75Kb1QCEDOwTjP4kqgPD8NeJbWNIe2ZRRKilmxmmUZ6NErNEWvf8vzQvvpVeP9CLUIERuBxLlLlitjNTyCUjgTTkC+giKtmcxTnJ/lUav3erPsev8isS+IQwz6SaXCqj/eYnFkhM2ADF2UCL4ssgHEj6jYe4m8IyMQBgxxr4+4fziixn0uimGQqt54VbT4BToq7l7S8wSj3WNRwR7KBBWvo6pnx39fDMWazfLbe5NmsQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>- Logo: You can use the nBold Logo
- Scope of submission:
Organization - Additional Information: One of your Microsoft 365 Exchange or Global administrators
- Friendly Name:
Before submitting the form, BE SURE TO COPY THE PROVIDER ID VALUE
Accept the terms and conditions and hit "Save"
- Wait for your Microsoft 365 Exchange or Global administrators to approve this request
- Global Admin and Exchange Administrators are then receiving the request in inbox that needs to be approved.
- the administrator needs to approve:
- The Provider is then confirmed as approved
- Open the nBold Settings tab and open "Approval" and check the "Enable organization-level provider" option
- Paste the provider id you copied in the step 3 and hit "Save"
From the nBold Catalog, you should now be able to enable the approval workflow on your templates (You may have to refresh the page to see your changes).
For more details about this procedure, you may refer to Register your service with the actionable email developer dashboard.
What about security?
Actionable messages security is guaranteed by:
- The fact that the actionable message could only be used from the context of a secured Outlook client, and that end-user authentication is entirely managed by the Outlook client (Desktop, Web and Mobile) by providing to the actionable message the required token.
- A sender verification is enforced using signed cards. See: Sender verification
- Phishing prevention is ensured by using a Card Signing mechanism
- Requests sent by the actionable message are verified to ensure that they originate from Microsoft. See: Verifying that requests come from Microsoft
- The token provided by Outlook to the actionable message is used to verify the end-user identity. See: Verifying the identity of the user.
Learn more by reading Security requirements for actionable messages in Office 365.
Microsoft Teams "Approval" app
Instead of relying on Outlook actionable emails, you can leverage the Microsoft Teams Approvals app to implement your team creation approval workflow.
This options brings some valuable benefits and new options:
- Multi-stage approvals
- Dynamic approvers list (for instance based on the requester profile and manager)
- Integration with third-party apps
To learn more about this option, please read the Power Platform and Logic Apps Connectors documentation, and refer to these connector's triggers that you can leverage from Microsoft Power Platform and Azure Logic Apps:
- When a Team Creation Approval is Requested
- When a Team Creation is Approved
- When a Team Creation is Rejected
Use your own custom app
Instead of relying on Outlook actionable emails, you can use your own custom application to manage approval workflows.
To learn more about this option, please read the nBold API reference, and refer to these webhooks that you can leverage from your custom application.