How to Give Protime Access to a mailbox

1. Introduction to Protime

Protime is dedicated to empowering business professionals through strategic insights by providing a hyper-personalized, condensed newsletter that keeps them at the cutting edge of their industry. By delivering targeted insights, we enhance their efficiency, efficacy, and competitive advantage, enabling them to excel in their fields.

Protime also strives to elevate the knowledge and critical thinking skills of the masses, building more resilient societies. Our efforts focus on combating information overload, misinformation, deepfakes, and cognitive biases. By ensuring that our communities are well-equipped to navigate the complexities of the modern information landscape, we help individuals make informed decisions and resist the spread of false information.

2. Importance of Mailbox Access for Protime

Most industry news and business communications are sent through email newsletters. Therefore, integrating Protime into the email flow ensures users receive timely and relevant information. Depending on the level of trust you bring to Protime, there are three ways users can provide Protime access to their data:

• Protime gets access to a Gmail mailbox: The Protime user sends all emails to this mailbox, which can be automated by Outlook rules or similar. However, in Exchange, often additional configuration for automatic forwarding to a foreign domain is necessary.
• Protime gets access to an Exchange mailbox inside the organization: Email forwarding is no longer a problem, as Protime can access the mailbox directly.
• A user grants access to their personal mailbox: This option is not yet implemented but will allow users to selectively grant access to specific emails for summarization.

3. Configuration Overview

3.1 Setting Up a Protime Gmail Address for Users

Each user in the organization will have a dedicated Protime Gmail address (e.g., [email protected]), to which they can forward emails. Protime will then process these emails and provide the user with a condensed newsletter based on the content. It involves configuring the Exchange environment to allow such forwarding to Gmail while ensuring security and compliance.

3.2 Setting Up a Protime Outlook Address for Users

This setup enables users to automatically forward emails from their Microsoft Exchange mailbox to an internal exchange address. Protime will then process these emails and provide the user with a condensed newsletter based on the content. Configuring exchange is not necessary.

3.3 Using your personal email address for Protime

This option is not yet implemented but will allow users to selectively grant access to specific emails for summarization. This setup will require the user to provide access to their mailbox with the Protime Gmail App or Protime Azure App. mechanisms.

4. Detailed Configuration Steps

4.1. Gmail Address Setup for Protime

4.1.1 Creating and Configuring a Gmail Address for Protime Users

1. Create a Gmail Account for a User: Navigate to Gmail and click on Create account. Follow the on-screen instructions to set up a new Gmail account (e.g., '[email protected]').
2. Accept Protime's Gmail App: Login into your new Gmail account. Click on the link ...(support will provide it) and accept the access of the Gmail Protime App.

4.1.2 Enabling Automatic Forwarding to Protime’s Gmail Address in Exchange Environments

1. Access the Exchange Admin Center (EAC): Open a web browser and go to the EAC URL (typically https://admin.exchange.microsoft.com or https://yourdomain.com/ecp). Log in with your Exchange administrator credentials.
2. Enable Automatic Forwarding in Exchange Admin Center: Navigate to Mail Flow settings in the left-hand menu. Select Remote Domains. If you already have a remote domain configured for Gmail (e.g., 'gmail.com'), select it. If not, create a new remote domain by clicking the + icon. Set the remote domain name to 'gmail.com' if creating a new one. Ensure Allow automatic forwarding is enabled.
3. Create a Mail Flow Rule to Allow Forwarding for Specific Users: In the EAC, go to Mail Flow and select Rules. Click the + icon and select Create a new rule. Name the rule (e.g., 'Allow Forwarding for Specific Users'). Apply the rule if The recipient is and specify the mailbox user(s) who should be allowed to create forwarding rules. Do the following: Select Modify the message properties > Set the spam confidence level (SCL), and set it to -1. Click More options, add any exceptions if necessary, ensure the rule is enabled, and click Save.
4. User Action to Set Up Forwarding Rule in Outlook: Open Outlook and go to File > Manage Rules & Alerts. Click New Rule. Choose Apply rule on messages I receive and click Next. Select conditions as needed (e.g., from a specific sender). Click Next and select Forward it to people or public group. Enter the Gmail address (e.g., '[email protected]'). Complete the rule setup by following the prompts and clicking Finish. Ensure the rule is enabled and click OK to save the changes.

4.2. Outlook Address Setup for Protime

4.2.1 Creating and Configuring an OUTLOOK Address for Protime Users

1. Create a Dedicated Exchange Mailbox for Protime: Access the Exchange Admin Center (EAC) by navigating to the EAC URL (typically https://admin.exchange.microsoft.com or https://yourdomain.com/ecp). Log in with your Exchange administrator credentials. Navigate to Recipients > Mailboxes. Click the + icon and select User mailbox. Fill in the necessary details to create a new mailbox (e.g., '[email protected]'). Click Save.
2. Accept Protime's Azure App: Login into your new Exchange account. Click on the link ...(support will provide it) and accept the access of the Protime Azure App.

4.2.2 Enable Forwarding is not necessary in Exchange Environments

Protime users can setup a rule in Outlook to forward emails to the Protime mailbox in the same organization without having issues with the security settings of the Exchange environment. For larger organizations this is the recommended setup. For smaller organizations, the Gmail setup is easier to implement.

4.2.3 How Client AG Can Use the Protime App for Microsoft Exchange Mailbox Access

This section provides a step-by-step guide for the IT administrators at Client AG to set up and configure access to a Microsoft Exchange mailbox using the Microsoft Graph API, leveraging an application registered by Protime.

4.2.3.1 Register an Application in Azure Active Directory (Azure AD) implemented by Protime

This was already done by Protime. The application registered by Protime in Azure AD will be used to access a Microsoft Exchange mailbox on behalf of users at Client AG.

1. Access the Azure Portal: Navigate to Azure Portal.
2. Register a New Application: In the left-hand navigation pane, select Azure Active Directory. Under Manage, select App registrations. Click New registration. Enter a name for the application (e.g., 'Exchange Mailbox Access App'). For Supported account types, select 'Accounts in any organizational directory (Any Azure AD directory - Multitenant)'. For Redirect URI, leave it empty for now. Click Register.
3. Obtain Application Credentials: After registration, navigate to the application's Overview page. Note the Application (client) ID and Directory (tenant) ID.
4. Create a Client Secret: Under Manage, select Certificates & secrets. Under Client secrets, click New client secret. Provide a description (e.g., 'API Key') and choose an expiration period. Click Add. Copy the value of the client secret. This value will not be shown again.

4.3.2.2 Configure API Permissions

This was already done by Protime. The application registered by Protime in Azure AD will be used to access a Microsoft Exchange mailbox on behalf of users at Client AG.

1. Set API Permissions: Under Manage, select API permissions. Click Add a permission. Select Microsoft Graph. Choose Delegated permissions for applications that act on behalf of a user or Application permissions for background services or daemons. Add permissions like `Mail.ReadWrite`, `Mail.Read`, and `Mail.Send`.

4.3.2.3 Grant Admin Consent Client AG

1. Who Grants Admin Consent: An Azure AD administrator from Client AG needs to grant consent for the application registered by Protime.
2. Method to Grant Admin Consent: Admin Consent URL: Protime provides Client AG with the admin consent URL: https://login.microsoftonline.com/common/adminconsent?client_id=YOUR_CLIENT_ID. Replace `YOUR_CLIENT_ID` with the actual Application (client) ID obtained during registration.
3. Steps for Admin at Client AG: The admin from Client AG opens the provided URL in a web browser. Signs in Steps for Admin at Client AG: The admin from Client AG opens the provided URL in a web browser. Signs in with an admin account from Client AG's Azure AD. Reviews and grants the requested permissions for the Protime application.
4. Confirm Admin Consent: After granting consent, the admin should see a confirmation message indicating that the permissions have been granted successfully.

4.3.2.4 User Actions to Grant Access

1. Provide Access to Mailbox: Each user at Client AG who needs to allow Protime's application to access their mailbox will receive an access URL from Protime. The user opens the provided URL in a web browser. Signs in with their Client AG Azure AD account. Reviews and grants the requested permissions for the application to access their mailbox.
2. Consent URL Example: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_REDIRECT_URI&response_mode=query&scope=Mail.ReadWrite&state=12345. Replace `YOUR_CLIENT_ID` with the actual Application (client) ID. Replace `YOUR_REDIRECT_URI` with the URI where the user will be redirected after granting consent.

4.3.2.5 User Actions to Revoke Access

1. If a user wants to revoke access, they can do so by removing the application's permissions from their account. Navigate to My Account. Under Security & privacy, select Apps & services. Find the Protime application in the list and click on it. Select Remove these permissions.