For customers that will be deployed to their own self-hosted server Bulk Upload and Individual GSuite agent additions are currently supported.
A new Google App is required for customers that will be self-hosted.
Steps to create a new Google App under a customer’s G-Suite account
|https://www.googleapis.com/auth/userinfo.email||View your email address|
|https://www.googleapis.com/auth/userinfo.profile||See your personal info, including any personal info you’ve made publicly available|
|openid||Associate you with your personal info on Google|
|https://www.googleapis.com/auth/gmail.metadata||View your email message metadata such as labels and headers, but not the email body|
NOTE: OAuth consent screen goes through a verification process at Google. Google will send an email to the address specified as the support email that you entered as part of the Oauth consent screen once they have completed this process.
Please wait for verification confirmation before proceeding.
The JSON file created for the Service Account that authenticates to the Google Web application will need to placed in the /storage folder underneath the TTR application on the server.
These steps will grant timetoreply™ permission to read Gmail Metadata, and read a list of all the users on the customers G Suite Account
Once an agent has been invited an email invitation will be sent to their G-Suite account.
Clicking on the authorization link within the mail will grant timetoreply™ permissions to read the customers email metadata, which we will use for the sole purpose of monitoring and reporting.
As the Google App has not been verified by Google, agents will see the following message when trying to complete the authorization process:
This app isn’t verified
This app hasn’t been verified by Google yet. Only proceed if you know and trust the developer.
The agent will need to click proceed to ignore the browser warning and complete the authorization.
By authorizing, agents grant the timetoreply™ application permissions to view their email message metadata such as labels and headers, but not the email body or attachments.
After a customer has authenticated using a G-suite administrator account via the timetoreply™ Portal, a token is stored for that administrator account in the database.
The timetoreply™ system does not store username or password information for administrator accounts.
Each time the ‘G-Suite Agent Bulk Add’ section is accessed the token is invoked to poll the domain.
For Agents added via the bulk add method, as well as those added individually, a token created is for their individual account.
Tokens created for agents added via the bulk add method become the child to the parent token created by the administrator account used to authenticate for the G-Suite domain.
Once the timetoreply™ solution is deployed (self-hosted), external access to the application database will be closed off by the customer.
Tokens generated by the timetoreply™ system will never leave the customer’s network and will be inaccessible externally.
Token access can be revoked from your Gsuite Admin Dashboard or from the timetoreply™ dashboard by going to Settings -> Email Service Authentication -> View Microsoft Authentications -> Delete the relevant credential.