Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.
ChatGPT

Integration of external providers (Office 365 / Gmail)

πŸ“Œ Objective

By default, all notifications sent by Dastra come from the address no-reply@dastra.eu. Thanks to integration with your external email providers (Office 365 or Gmail), you can configure sending via your own email addresses, allowing you to:

  • Build trust with your recipients (emails sent with your domain).

  • Centralize your sending and deliverability logs directly in your email infrastructure.

  • Manage your own security, compliance, and archiving rules.

πŸ“© Scope of emails concerned

This configuration applies to all notification emails sent by Dastra within your organization, for example:

  • Notifications of new tasks or requests.

  • Invitations and reminders.

  • Compliance alerts.

  • Tracking requests to exercise rights, incidents, workflows, etc.

πŸ‘‰ In other words, all outgoing emails will replace no-reply@dastra.eu with the configured address.

⚠️ Please note: this applies to all emails sent from the organization. All workspaces will be affected.

βš™οΈ Integration configuration

Step 1: Access the supplier integration and authorize the connection

  • Go to Workspace Settings > Integrations.

  • Click Add a configuration for Office 365 or Gmail.

You can also access the configuration from this URL: https://app.dastra.eu/general-settings/smtp

  • Select the provider you want to use :

    • Microsoft 365 (Office 365)

    • Google (Gmail / Google Workspace)

  • When adding for the first time, Dastra will ask you to authorize the connection :

    • A window will open for you to authenticate via OAuth with Microsoft or Google.

    • You must use an account with sufficient rights (e.g., an account with administrator privileges or permission to send on behalf of the domain).

  • Once authentication is successful, Dastra will confirm the connection and display the sender configuration screen.

⚠️ Please note: this step is essential for Dastra to be authorized to send emails via your provider. Without it, the sender configuration will not be effective.

Step 2: Fill in the requested information

Two mandatory fields must be filled in:

  1. Sender email

    • The email address that will be used as the sender of notifications (example: notifications@yourdomaine.com).

  2. Sender alias

    • The name displayed as the sender (example:Compliance team - Your company).

Once completed, click Save and Test to validate the configuration.

Step 3: Verification and testing

  • Dastra will perform a test send to confirm the validity of the configured address.

  • Check your inbox and your Office 365/Gmail logs to ensure that the test message has been delivered.

The message will look like this :

βœ… Important points to remember

  1. Responsibility for logs

    • By using your own provider (Office 365 or Gmail), you are in control of your sending logs.

    • Information related to email delivery, rejection, or blocking is no longer visible to Dastra teams.

  2. IP/domain reputation management

    • Your infrastructure (Office 365 or Gmail) is responsible for ensuring good deliverability.

    • Make sure that :

      • Your SPF/DKIM/DMARC records are configured correctly.

      • Your sender reputation is good.

      • Your domain and IP are not listed as spam.

  3. Impact on your recipients

    • Notifications will appear as if they were sent directly by your organization.

    • This facilitates recognition and reduces the risk of confusion with generic addresses.

πŸ”’ Security best practices

  • Limit the addresses used for sending (example : no-reply@yourdomain.com or notifications@yourdomain.com).

  • Enable multi-factor authentication on accounts used for integration.

  • Regularly monitor your sending logs in Office 365/Gmail to identify any anomalies.

πŸ‘‰ Once integration is enabled, Dastra will no longer use no-reply@dastra.eu: all your notification emails will be sent via your configured provider.

πŸ”§ Technical FAQ for IT administrators

This section answers common questions from IT and security teams when setting up the Office 365 integration.

What authentication model is used?

The Office 365 integration uses application consent (global admin consent), not delegated consent on behalf of a user. No active Exchange licence per user is required for the integration to work.

What Microsoft Graph scopes are requested?

Dastra requests the following permissions during OAuth consent:

Permission
Usage

Mail.Send

Sending emails from the configured mailbox

Mail.Send.Shared

Sending from a shared mailbox

Are shared mailboxes supported?

Yes. To use a shared mailbox (e.g. privacy@yourcompany.com):

  1. Sign in with your personal account that has send permissions on the shared mailbox.

  2. In the Sender email field, enter the shared mailbox address.

No Exchange policy change (ApplicationAccessPolicy) is required for this to work.

Make sure your personal account has the "Send As" or "Send on Behalf" permission on the shared mailbox in Active Directory / Exchange.

Do I need to whitelist Dastra's outbound IP addresses?

Dastra uses Microsoft Graph API to send emails, not a traditional SMTP server. Calls go through Microsoft's Azure infrastructure, which has a large number of IP ranges (~100 ranges) that change over time.

IP-based filtering is not recommended for this integration: it would be difficult to maintain and could cause service interruptions when Azure IP ranges are updated. Security is handled by OAuth 2.0 and admin consent.

If your security policy requires IP restrictions, you can refer to the IP ranges published by Microsoft for Azure services: https://www.microsoft.com/en-us/download/details.aspx?id=56519. Note that this list is updated regularly.

Last updated

Was this helpful?