Email authentication for Sourcing Automation

Permissions: Job Admin and above with CRM access and a Sourcing Automation seat 

Product tier: Available for all subscription tiers with the Sourcing Automation add-on

Note: Greenhouse acquired Interseller in 2021 and our new add-on product is known as Sourcing Automation. As we work to incorporate this change, you may notice areas in Greenhouse Recruiting where Interseller is mentioned. This is temporary and will eventually be updated. Click here to learn more about the acquisition.

After receiving a sourcing automation seat, the next step is granting Greenhouse Recruiting permission to send emails through your Google or Outlook 365 account. Sourcing Automation only works with Google and Outlook 365 and must be connected in order to use the feature.

You will continue to use Mailgun or a Custom SMTP for all existing Greenhouse Recruiting emails.

Authenticate your Google account

To begin, navigate to CRM from your Greenhouse Recruiting navigation bar.

Screenshot       of       the       crm       tab.

Click Authenticate email in the My active campaign pools panel. 

Screenshot       of       the       authenticate       email       button.

Select any verified email address from the dropdown. If you select a Google email address with its own domain name (for example, greenhouse@test.gov) both a Sign in with Google button and a Sign in with Microsoft button appears in the dialog box. 

Note: Please make sure the verified email address you select is the one you'd like to use for Sourcing Automation. Since Greenhouse Recruiting depends on having access to your inbox to record and manage replies, switching to a different email address is not possible as it results in potential data loss. 

Click Sign in with Google.

Screenshot      of      the      sign      in      with      Google      button.

Follow the prompts to sign in to your Google account.

On the next page, select Allow to grant Greenhouse access to your Google account. Screenshot      of      the      allow      button.

The page redirects to the Campaign pools dashboard in Greenhouse Recruiting.  

Authenticate your Outlook 365 account

Note: Sourcing Automation only works with the web version of Outlook 365. 

To begin, navigate to CRM from your Greenhouse Recruiting navigation bar.

Screenshot     of     the     crm     tab.

Click Authenticate email in the My active campaign pools panel. 

Screenshot     of     the     authenticate     email     button.

Select any verified email address from the dropdown. If you select an Outlook email address with its own domain name (for example, greenhouse@test.gov) both a Sign in with Microsoft button and a Sign in with Google button will appear in the dialog box. 

Note: Please make sure the verified email address you select is the one you'd like to use for Sourcing Automation. Since Greenhouse Recruiting depends on having access to your inbox to record and manage replies, switching to a different email address is not possible as it results in potential data loss. 

Click Sign in with Microsoft.

Screenshot    of    the    sign    in    with    microsoft    button.

Follow the prompts to sign in to your Microsoft account.

On the next page, select Yes to grant Greenhouse access to your Outlook 365 account. 

Screenshot   of   the   outlook   allow   access   page.

Note: If you only see the option to request approval, this means that access to Microsoft 365 needs to be enabled by a Microsoft admin. This person is typically someone in your IT or Support Operations department.

Please submit the request and send this article to the approver for information on how to grant access to your organization. Once access is granted, your email address will be authenticated. 

The page redirects to the Campaign pools dashboard in Greenhouse Recruiting.  

Reconnect your Google account

Certain conditions cause Greenhouse Recruiting to lose access to your email. For example, disconnecting external integrations from your Google account.

When this happens, a notification appears in the Campaign pool dashboard and all active campaign pools connected to your email are paused. 

To reconnect your email, click Sign in with Google. Your email is already selected and cannot be changed. 

Screenshot  of  the  sign  in  with  google  button  for  disconnected  accounts.

Follow the prompts to sign in to your Google account.

On the next page, select Allow to grant Greenhouse access to your Google account. 

Screenshot  of  the  allow  button.

The page redirects to the Campaign pools dashboard in Greenhouse Recruiting.

You can now launch any campaign pools that were paused.   

Reconnect your Outlook 365 account

Certain conditions cause Greenhouse Recruiting to lose access to your email. For example, disconnecting external integrations from your Outlook 365 account.

When this happens, a notification appears in the Campaign pool dashboard and all active campaign pools connected to your email are paused. 

To reconnect your email, click Sign in with Microsoft. Your email is already selected and cannot be changed. 

Screenshot of the sign in with microsoft button for disconnected accounts.

Follow the prompts to sign in to your Microsoft account.

On the next page, select Yes to grant Greenhouse access to your Outlook 365 account. 

Screenshot of the outlook allow access page.

The page redirects to the Campaign pools dashboard in Greenhouse Recruiting.

You can now launch any campaign pools that were paused.   

Security FAQs

Why does Sourcing Automation require Google or Outlook365 instead of our existing Greenhouse email integration?

Greenhouse utilizes the connection with your Google or Outlook 365 account so the campaign pool can send emails to prospects directly through your provider, track outgoing emails, and access replies to know when to stop the automated email sequence. 

Outgoing and incoming emails are automatically synced into the prospect's activity feed.

What Google permissions does Sourcing Automation request?

Permission Description
Email, profile Retrieves basic profile information for the authenticated user
Calendar.readonly Allows Greenhouse to detect when a meeting/interview is booked with the prospect to track the event within Sourcing Automation and stop the automated campaign pool
Gmail.settings.basic Allows Greenhouse to read aliases to an email inbox and import email signatures to be used for outreach emails
Gmail.send Allows Greenhouse to send emails from the authenticated user's Gmail account
Gmail.modify Allows Greenhouse to watch and sync email communication with prospects into Greenhouse. The write access to the Inbox is used to archive bounce emails or negative responses automatically. Additionally, Greenhouse uses these permissions to add an email inbox actions (also referred to as Sentiments) to all emails sent through Sourcing Automation. This email provides convenient links to perform actions on a prospect's profile 

What Microsoft Outlook 365 permissions does Sourcing Automation request?

Permission Description
User.read Retrieves basic profile information for the authenticated user
Calendars.read Allows Greenhouse to detect when a meeting/interview is booked with the prospect to track the event within Sourcing Automation and stop the automated campaign pool
Mail.send Allows Greenhouse to send emails from the authenticated user's Outlook 365 account
Mail.readwrite Allows Greenhouse to watch and sync email communication with prospects into Greenhouse. The write access to the Inbox is used to archive bounce emails or negative responses automatically. Additionally, Greenhouse uses these permissions to add an email inbox actions (also referred to as Sentiments) to all emails sent through Sourcing Automation. This email provides convenient links to perform actions on a prospect's profile

How long is the access token valid when requesting authentication to my Google or Microsoft account?

The access token expires after one hour. Greenhouse uses refresh tokens to maintain access to your account without prompting you to complete the authentication process every hour. This is a secure access method that does not store your username or password. 

You can revoke access at any time from your Greenhouse account settings, from your Google/Microsoft account, or when a Site Admin deactivates your Greenhouse Recruiting account. 

Note: Syncing between Greenhouse Recruiting and your email provider takes up to 30 minutes for Google and 4 hours for Microsoft Outlook. 

Check out the topics below for more in-depth information based on your email provider:

Does Greenhouse view or store our employee email inboxes?

Access to send and read emails is limited to the users that grant Greenhouse permission during the email authentication setup. 

The employee's Google or Microsoft account provides Greenhouse with a unique message ID to track emails sent through Sourcing Automation. As a result, Greenhouse is able to process new messages to the user's inbox; however, all messages are immediately discarded from our system that are not in response to a previous email sent through the message ID.

Greenhouse syncs emails related to Sourcing Automation into the prospect's activity feed

Do you have any alternatives available if I don't want to grant Greenhouse access to my email?

You can add a secondary email address to your Greenhouse Recruiting account that is a separate email inbox within your organization's Gmail or Outlook 365 account. 

Choose this secondary email address when completing the email authentication. As a result, Greenhouse will only have access to emails sent and received from this secondary email account. 

Can prospects unsubscribe from future emails?

Yes, Sourcing Automation supports the ability to add an unsubscribe link to your emails. Learn how to enable this feature here.

How does Greenhouse keep my data safe?

The tokens used to authenticate and maintain access to your account are encrypted before storing them within our database. The encryption keys and database are only accessible to a minimal set of Greenhouse staff members. Our database is also protected using multi-factor security measures including VPN access. To provide internal transparency, our database is logged and auditable. 

Additionally, staff members with access to this data have completed a successful background check and signed our written zero-tolerance policy that defines their responsibilities regarding our secure database.