AI Email (AIE) requires an email provider from which to send emails for email campaigns. You can use Gmail or Outlook 365, as described below. Alternatively you can use the 6sense email provider.
After your Gmail or Outlook is configured for use with AIE, you add one or more email accounts that are intended to be dedicated to AIE campaigns. Refer to the instructions below.
After you set up a dedicated email account, you connect it to an AI email agent in AIE. Refer Set Up a AIE AI Email Agent.
Prerequisites
You must have the required Administrator permissions to set up email accounts on the email provider.
A supported email provider:
Gmail – Google Workspace business email
Outlook on Microsoft Office 365 – Outlook hosted on the cloud
Unsupported email providers include on-premises or self-hosted Outlook/Exchange account, email inboxes created using a Google Service account, or Microsoft Exchange Server accounts. They do not support delegated access via OAuth, which is required.
Email server OAuth2 protocol
CE uses the OAuth2 protocol to connect with the Gmail and Microsoft Graph APIs. Refer to the following resources:
Microsoft: Delegate access
Required scopes for Gmail
For Gmail, AIE requires the following scopes:
openid: Required for OpenID Connect (OIDC) authentication, allowing the app to verify the user’s identity and authenticate with Google.
email: Provides access to the user’s email address. This helps identify the user and associate emails with their Google account.
profile: Grants access to basic user profile information, such as the user’s name and profile picture. This can be useful for displaying the user’s details within the application.
gmail.compose: Allows the app to send emails on behalf of the user. This is necessary for sending replies or initiating email conversations.
gmail.readonly: Provides read-only access to the user’s Gmail inbox. This is needed for fetching and displaying email messages without modifying them.
Required scopes for Outlook 365
For Outlook 365, CE requires the following scopes:
openid: Needed for OpenID Connect (OIDC) authentication, which allows users to sign in and verify their identity with Microsoft accounts. It provides basic user information (such as the user’s ID and profile).
offline_access: Enables the application to receive a refresh token, which allows the app to maintain access to the user’s email account even after the user closes the application. This prevents the need for frequent re-authentication.
mail.read: Grants read-only access to the user’s mailbox. This is necessary for fetching emails, which is required for building a conversation-based email experience.
mail.send: Grants write-only permission to send emails on behalf of the user. This is required so that the application can send responses in a conversational email exchange.
mail.readwrite: Grants both read and write permissions to the user’s mailbox. This is needed for scenarios where the app needs to modify, delete, or update email messages (e.g., marking emails as read, moving emails to different folders).
user.read: Grants read permissions to users.
Advanced Outlook security settings requiring admin approval
If your Office 365 Administrator has enabled advanced security settings within your Azure Active Directory (Microsoft’s application access management portal) which restricts access to third party applications like AIE at an organization level, you need to update those settings. To make the updates, you need a Global Administrator with access to Azure Active Directory to configure the settings to allow integration with AIE. Follow the Microsoft instructions at Configure the admin consent workflow workflow to set up a workflow for your users to request Admin consent for individual 3rd-party applications.
If this is not configured correctly users may see the error message “Need admin approval”.
Additional Outlook requirements
API permissions: Ensure the user created has any necessary permissions required for API use, and/or permissions required for using OAuth to connect a 3rd party application.
Spam policy: Your email Administrator should review your organization’s outbound spam policy to ensure that any existing policies with sending limits aligns with expected sending thresholds, while also considering general Microsoft sending limits.
About SPF/DKIM/DMARC
These should already be set up and configured for Gmail or Outlook 365. You do not need to add records for 6sense.com to send emails directly as AIE uses OAuth credentials and the API to tell Gmail or Outlook 365 to send emails.
About the email API limit
Because your AI email agent uses your company’s email domain through a connection with the Gmail or Outlook 365 API, there’s a daily email limit applied from the email provider. For example, Google limits the number of Gmail messages users can send per day. If you enroll a huge volume of contacts to your campaign, it might take a while for all of your contacts to receive the emails from your AI email agent. Refer to AI Email Campaign Schedules.
Identify the domain or subdomain to use
Decide what domain or subdomain to use for your email provider.
Avoid using your primary domain (such as www.company.com), especially if it’s used by Outlook, Gmail, or any other email service provider. This is to prevent interference and to minimize any possible risk to the reputation of your primary domain. For example, if you need to use a domain it could be like “www.company2.com”.
You can use a subdomain, as long as it is currently used as a sending/receiving domain with a valid MX record.
For example:
email.company.com
inbox.company.io
Please ensure that any separate domain redirects to a live website to maintain the integrity of your AIE program.
Set up an email account on the email provider
An email account on your email provider connects to your AI email agent to actually send and receive emails.
Best Practice: Create the email account as if you are creating it for a real employee. Set the permissions, configurations, and settings as if you were onboarding an actual employee.
To set up the email account:
Set up an email inbox for your AI email agent. Create a real inbox user account within the domain selected above.
You could model the email account after a real employee by using a different naming convention for the inbox. For example, if you want to create an email account modeled after a real John Smith ([email protected]), you could name the new account [email protected] or [email protected].
Do not use an alias, Google Group, distribution list, service account, or a generic inbox. Because these are not actual inboxes, AIE is not able to authenticate and gain programmatic access to them using OAuth2. AIE needs an actual inbox to authenticate with.
Do not use a shared account. Due to the way AIE handles identity verification and permissions access, it is not able to support this configuration.
Do not use the existing email account of a real employee. Their account may become flooded with responses and there is risk of disrupting the programmatic response of the AI.
Add a profile photo of the team member: Because this email account represents an AI email agent, a human face helps with engagement.
(Optional) Turn on 2-factor authentication (2FA): 2FA is an extra layer of security that is also known as “multi-factor authentication.” It requires a password, username, and also a third token.
(Optional) Note the responsibility for the account: Make sure the email address is filed with the IT team as an active email address belonging to you. That way, if any issues arise, the IT team knows who to contact.
Authorize the email inbox account in CE
After the AI email agent’s email provider account is created, an AIE Administrator must authorize the integration. An Administrator needs to input the username and password of the user/mailbox in order to authorize.
Tip: If your internal IT team would prefer to keep the password in a dedicated IT vault and not share with any other users, an IT stakeholder may log into AIE as an Administrator and authorize so the password does not need to be shared.
If your organization uses SSO (such as Okta), the Administrator may need to authenticate once when the connection is first made.
This integration leverages OAuth to delegate permissions to 6sense AIE to act on behalf of the AI email agent. As such, an email Administrator will likely need to approve this integration.
Set up the AI email agent
After you set up the email inbox account on the email provider, you can assign it to an AI email agent in AIE. Refer to Set Up an AI Email Agent.
FAQ
Why does the email address for an AI email agent have to use my company’s domain?
Each AI email agent is associated with your company, and therefore should have a company domain. Using your company’s domain allows recipients to recognize that the emails and messaging are generated from your company. It also increases the deliverability of your AI email agent’s emails.
What do we need to do if we change the password for an email account connected to an AI email agent?
If you change the email password for the email account on your email provider, AIE sends a notification that your AI email agent is disconnected. Reconnect your AI email assistant as soon as possible to ensure that there is no gap or delay in the detection of and reply to emails.
What is two-factor authentication (2FA)?
2FA is an extra layer of security that is known as “multi-factor authentication,” which requires not only a password and username but also a third token.
When should 2FA be turned on?
If your organization uses 2FA, this should be turned on at the time of the email’s creation. If 2FA is turned on later, you may receive a notification that your AI email agent is disconnected. If so, reconnect your AI email agent as soon as possible to ensure that there is no gap or delay in the detection of and reply to emails.