There are different Team creation approval workflows in nBold that could be configured using one of the below mentioned options:
Approval email sent by nBold: This is the default and easiest option, works without any configuration.
Approval email sent by your organization: If you need advanced security/compliance control over your notification emails.
Microsoft Teams Approval App: A Microsoft Teams native experience, that you can customize using Power Automate or Logic Apps.
Approval email sent by nBoldβ
How does it work?β
This is the option enabled by default in any new organization, and doesn't require any configuration. In this mode, the approval process is implemented as an Outlook actionable email, send from the [email protected] address.
π§ IMPORTANT
nBold does NOT collect ANYTHING from these notification emails, neither openings, nor clicks, and does not include any invisible image or other form of tracker.
What about security?β
Actionable messages security is guaranteed by:
The fact that the actionable message could only be used from the context of a secured Outlook client, and that end-user authentication is entirely managed by the Outlook client (Desktop, Web and Mobile) by providing to the actionable message the required token.
A sender verification is enforced using signed cards. See: Sender verification
Phishing prevention is ensured by using a Card Signing mechanism
Requests sent by the actionable message are verified to ensure that they originate from Microsoft. See: Verifying that requests come from Microsoft
The token provided by Outlook to the actionable message is used to verify the end-user identity. See: Verifying the identity of the user.
Learn more by reading Security requirements for actionable messages in Office 365.
π‘ Configure Exchange safelist collections on a mailbox
As a Microsoft 365 administrator, you can directly manage an end-user mailbox rules, and add the [email protected] address to its "Safe Senders" list.
See Use Exchange Online PowerShell to configure the safelist collection on a mailbox
Approval email sent by your organizationβ
How does it work?β
For advanced control over your approval notification emails (for instance to implement custom Exchange transport rules), you can configure nBold to send your approval emails from your own internal email as a sender.
What do I have to do?β
You need to enable the service account that you configured in nBold to be authorized to send actionable messages. For that, and to ensure the security around the messages that are sent, Microsoft require to follow these quick steps:
Open the Actionable Email Developer Dashboard and login with a Microsoft 365 user with
Exchange AdministratororGlobal administratorpermissions.Select
New provider
Fill the form:
Friendly Name:
nBoldOrTeams Approvalfor exampleProvider Id (originator): Copy the value that is Automatically generated
Organization Info: Automatically generated
Sender email address from which actionable emails will originate: Your service account email address
Target URLs:
https://api.salestim.ioPublic Key:
<RSAKeyValue><Modulus>k0Qqob12HSdll52CbnXkQNW6nZO9477sE9pI8Y6z5M8hPtJinAf2r41Sxss3Y9oP1nzcfs3fHpi1AUjffyD44I2FxmqF+FGfgKsuWeYce/75Kb1QCEDOwTjP4kqgPD8NeJbWNIe2ZRRKilmxmmUZ6NErNEWvf8vzQvvpVeP9CLUIERuBxLlLlitjNTyCUjgTTkC+giKtmcxTnJ/lUav3erPsev8isS+IQwz6SaXCqj/eYnFkhM2ADF2UCL4ssgHEj6jYe4m8IyMQBgxxr4+4fziixn0uimGQqt54VbT4BToq7l7S8wSj3WNRwR7KBBWvo6pnx39fDMWazfLbe5NmsQ==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
Logo: You can use the nBold Logo
Scope of submission:
OrganizationAdditional Information: One of your Microsoft 365 Exchange or Global administrators
β
Before submitting the form, BE SURE TO COPY THE PROVIDER ID VALUE
Accept the terms and conditions and hit "Save"
Wait for your Microsoft 365 Exchange or Global administrators to approve this request
Global Admin and Exchange Administrators are then receiving the request in inbox that needs to be approved.
the administrator needs to approve:
The Provider is then confirmed as approved
Open the nBold Settings tab and open "Approval" and check the "Enable organization-level provider" option
Paste the provider id you copied in the step 3 and hit "Save"
From the nBold Catalog, you should now be able to enable the approval workflow on your templates (You may have to refresh the page to see your changes).
For more details about this procedure, you may refer to Register your service with the actionable email developer dashboard.
What about security?β
Actionable messages security is guaranteed by:
The fact that the actionable message could only be used from the context of a secured Outlook client, and that end-user authentication is entirely managed by the Outlook client (Desktop, Web and Mobile) by providing to the actionable message the required token.
A sender verification is enforced using signed cards. See: Sender verification
Phishing prevention is ensured by using a Card Signing mechanism
Requests sent by the actionable message are verified to ensure that they originate from Microsoft. See: Verifying that requests come from Microsoft
The token provided by Outlook to the actionable message is used to verify the end-user identity. See: Verifying the identity of the user.
Learn more by reading Security requirements for actionable messages in Office 365.
Microsoft Teams "Approval" appβ
Instead of relying on Outlook actionable emails, you can leverage the Microsoft Teams Approvals app to implement your team creation approval workflow.
This options brings some valuable benefits and new options:
Multi-stage approvals
Dynamic approvers list (for instance based on the requester profile and manager)
Integration with third-party apps
To learn more about this option, please read the Power Platform and Logic Apps Connectors documentation, and refer to these connector's triggers that you can leverage from Microsoft Power Platform and Azure Logic Apps:
When a Team Creation Approval is Requested
When a Team Creation is Approved
When a Team Creation is Rejected