Enterprise mailbox connection checklist (Microsoft 365 and Google Workspace)

Purpose

This article is for IT and operations teams that need to connect many Microsoft 365 and Google Workspace mailboxes during a platform migration or similar cutover. It gives a single runbook—who does what, which SuperSend paths to use at scale, and a sign-off checklist—without duplicating the full Gmail, Outlook, and Azure setup guides.

Prerequisites

• Microsoft 365 / Entra ID administrator access (for Azure app registration and admin consent).
• Google Cloud / Workspace administrator access (for OAuth consent screen, APIs, and OAuth clients).
• SuperSend organization admin access for Admin → Integrations (or team members who can add senders and OAuth apps, per your roles).

Recommended paths at scale

For the full wizard flows and alternatives (e.g. Outlook OAuth, Gmail App Password), see Connect Outlook / Microsoft sender and Connect Gmail / Google Workspace sender.

Roles (who does what)

Steps — Microsoft 365 (service account)

Complete the Azure side first, then SuperSend.

In Azure (summary)

1. Microsoft Entra ID → App registrations → create an app (single-tenant is typical).
2. Redirect URI: not required for the service-account (client credentials) path.
3. API permissions → Microsoft Graph → Application permissions (not delegated): User.Read.All, Mail.Read, Mail.ReadWrite, Mail.Send.
4. Grant admin consent for your organization.
5. Certificates & secrets → create a client secret; copy the secret value (shown once).

Full permission table, troubleshooting, and policy notes: Azure app registration and Microsoft service account (Outlook).

In SuperSend

1. Admin → Integrations → select the team → Microsoft → add a Microsoft service account (Client ID, Tenant ID, client secret), or
2. Senders → Add Sender → Email Sender → Connect Your Own Mailboxes → Microsoft Outlook → Service Account tab → create or select a service account → enter the mailbox email.

UI walkthrough: Connect Outlook / Microsoft sender (Service Account section).

Steps — Google Workspace (OAuth, multiple apps per team)

In Google Cloud (repeat per OAuth client / project)

1. Create or select a project → enable Gmail API.
2. Configure OAuth consent screen (Internal vs External / testing users as needed).
3. Add scopes on Data access, including:

• https://www.googleapis.com/auth/gmail.modify
• https://www.googleapis.com/auth/gmail.labels

4. Credentials → OAuth client ID → Web application:

• Authorized JavaScript origins: https://app.supersend.io
• Authorized redirect URIs: https://app.supersend.io/oauth/google

5. Download the client JSON or copy Client ID, secret, and Project ID.

Step-by-step detail (including consent-screen flow) is in the OAuth path inside Connect Gmail / Google Workspace sender and in Admin → Integrations for Integrations overview (Google OAuth / sending providers).

In SuperSend

1. Senders → Add Sender → Gmail → OAuth tab.
2. Add a Google OAuth app for this team (upload JSON or enter fields). Use a clear name per Google Cloud project or tenant.
3. Add another OAuth app on the same team if you have additional GCP projects—multiple apps per team are supported.
4. Optionally mark one app as default for the team.
5. For each mailbox: select the correct OAuth app → Connect your Gmail account → sign in and approve.

Steps — After mailboxes are connected

Mailboxes must be attached to sender profiles, and campaigns must use those profiles, before email sends.

1. Create sender profiles if you have not already: Senders → Sender Profiles → Create Profile. See Create and use sender profiles.
2. Attach mailboxes to a profile from Senders → Mailboxes (the mailboxes table): select the mailboxes you want (you can bulk-select rows), then use Assign to Profile and pick the profile. (You can also open a profile’s detail page and use Add mailboxes there—the same outcome.)
3. Point each campaign at a sender profile: open the campaign → Settings → Senders and add the profile(s) the campaign should send from. This step chooses which profile a campaign uses; it does not attach mailboxes to profiles.

See Senders overview for the full three-layer model.

Expected result

• Microsoft: Service account is saved for the team; mailboxes connect via the Service Account tab without per-user Microsoft consent.
• Google: One or more OAuth apps are on the team; each mailbox completes Google OAuth and shows as connected under Senders.
• Sender profiles include the new mailboxes; campaigns reference those profiles.

Troubleshooting

• Microsoft — “Failed to get Outlook profile”: Usually missing User.Read.All (application permission), missing admin consent, or email / UPN mismatch. See the Azure article above.
• Microsoft — permission errors after connect: Re-check all four Graph application permissions, consent state, and client secret expiry; rotate the secret in Azure and update SuperSend.
• Google — “App isn’t verified”: Common for internal OAuth clients; admins can proceed via Advanced, or pursue Google verification for broad production use. See Connect Gmail / Google Workspace sender.
• Google — wrong tenant or project: Confirm you selected the matching Google OAuth app on the OAuth tab before connecting; add a separate OAuth app per GCP project if needed.

Sign-off checklist (go / no-go)

Related articles

• Senders overview
• Connect Outlook / Microsoft sender
• Azure app registration and Microsoft service account (Outlook)
• Connect Gmail / Google Workspace sender
• Integrations overview
• Create and use sender profiles

Updated on: 07/04/2026