Drift Email abides by the principle of least privilege. We are only authorized for the bare minimum access required to continuously read emails from a specific inbox, in order to sync data in real time.
Access is granted through O365’s API via standard OAuth2 authorization. Once you've connected an inbox, you can verify this configuration by finding Drift Email in your Connected Apps settings in Outlook.
These permissions apply to Drift Email’s management of email replies only. If you’re an Email Bots user, see Email Bots for additional required access.
For email reply management, Drift Email needs permission to:
- Sign you in and read your profile
- Read your mail
- Sign in as you
- Access your data anytime
These permissions are granted to Drift Email through 4 scopes (more info here):
- This allows us to access a profile, so we can identify the inbox being connected and associate it with the correct Drift Email account.
- This enables us to pull email replies from your connected inboxes when you are not actively logged into Drift Email. Without this scope, Drift Email would only be able to process replies while someone is actively using Drift Email in their browser.
- This allows us to read a profile in order to authenticate. This is limited to only a few data points, like email address and name.
- This scope gives us read-only access to the incoming emails in the connected inbox.
Drift Email does not require any scopes that would allow us to read your address book or calendar, or interact with Active Directory. For more information, see Microsoft’s resource on Mail API scopes.
If you are using Email Bots, in addition to the scopes above, Drift Email will request access to Mail.Send.
Email Bots send automated responses to your email replies on your behalf, which is why they require this extra scope.
For more information, see Microsoft’s resource on Mail API scopes.
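An added example, not Drift's or Microsoft's code: a Python check an administrator can run over exported Microsoft Graph `oauth2PermissionGrant` records to confirm that the consent on record matches the access described above. The four baseline scope names are assumptions (the page describes these scopes without naming them), `Mail.Send` is the scope named above, and the sample grants and client IDs are constructed.

```python
import json

# ASSUMPTION: the page describes four scopes without naming them. These are the
# Microsoft identity platform scopes assumed for this example; replace them with
# the scope names your tenant's consent record actually shows.
REPLY_SCOPES = {"openid", "offline_access", "User.Read", "Mail.Read"}
EMAIL_BOTS_SCOPES = {"Mail.Send"}  # named on the page, Email Bots only
# Areas the page says are not required: address book, calendar, directory.
NOT_REQUIRED_PREFIXES = ("contacts.", "calendars.", "directory.")


def audit_grant(grant, email_bots=False):
    """Compare one oauth2PermissionGrant record with the expected scope set."""
    allowed = REPLY_SCOPES | (EMAIL_BOTS_SCOPES if email_bots else set())
    allowed_cf = {s.casefold() for s in allowed}
    granted = grant.get("scope", "").split()  # Graph stores a space-separated string
    granted_cf = {s.casefold() for s in granted}
    unexpected = sorted({s for s in granted if s.casefold() not in allowed_cf})
    return {
        "missing": sorted(s for s in allowed if s.casefold() not in granted_cf),
        "unexpected": unexpected,
        "not_required_area": [s for s in unexpected
                              if s.casefold().startswith(NOT_REQUIRED_PREFIXES)],
        # AllPrincipals means consent covers every user, not one connected inbox.
        "tenant_wide": grant.get("consentType") == "AllPrincipals",
    }


def is_least_privilege(grant, email_bots=False):
    """True when nothing beyond the expected scopes was granted, for one user only."""
    result = audit_grant(grant, email_bots)
    return not result["unexpected"] and not result["tenant_wide"]


# Constructed sample records (placeholder client IDs), shaped like Graph output.
SAMPLE_GRANTS = json.loads("""[
  {"clientId": "00000000-0000-0000-0000-000000000001", "consentType": "Principal",
   "scope": "openid offline_access User.Read Mail.Read"},
  {"clientId": "00000000-0000-0000-0000-000000000002", "consentType": "AllPrincipals",
   "scope": " openid offline_access User.Read Mail.Read Mail.Send Contacts.Read"}
]""")

if __name__ == "__main__":
    for g in SAMPLE_GRANTS:
        print(g["clientId"], audit_grant(g), is_least_privilege(g))
```

Pass `email_bots=True` only for inboxes that actually use Email Bots, so that `Mail.Send` is reported everywhere else.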