Custom OAuth (BYOC) Setup
Connect your own Google or Microsoft OAuth application to SalesPartner for full email and calendar integration using your own credentials. Step-by-step guide for Google Cloud Console and Microsoft Azure Entra.
What Is Custom OAuth (BYOC)
Custom OAuth, also called BYOC (Bring Your Own Credentials), lets you connect SalesPartner using your own Google Cloud or Microsoft Azure application instead of SalesPartner's shared credentials.
This gives you the same full capabilities as a standard Microsoft 365 or Google Workspace connection — reading emails, sending replies, conversation mode, and calendar sync — but with your own app controlling the sign-in experience.
When to use Custom OAuth:
- Your organization wants its own branding on the sign-in consent screen
- Your IT team requires that integrations use company-managed apps
- You want your own rate limits and quotas separate from the shared pool
- Your Google Workspace or Microsoft 365 admin has not approved SalesPartner's app
When NOT to use Custom OAuth:
- You just want to connect your email quickly — use the standard Microsoft 365 or Google Workspace button instead
- You are connecting a personal Gmail or Outlook account — the standard connection is simpler
- You are not familiar with Google Cloud Console or Azure Entra — the standard connection requires no technical setup
Prerequisites
Before starting, you will need:
- Admin access to Google Cloud Console (for Google) or Microsoft Azure Entra (for Microsoft)
- Permission to create and configure OAuth applications in your organization
- The SalesPartner redirect URI that your app must allow (provided below)
You will register a new OAuth application with your provider, configure the required permissions, add SalesPartner's redirect URI, and then enter your Client ID and Client Secret in the SalesPartner admin panel.
Setting Up a Google OAuth App
Step 1 — Create a Google Cloud Project
Go to console.cloud.google.com. Click the project selector at the top and click New Project. Give it a name (for example, "SalesPartner Integration") and click Create.
Step 2 — Enable Required APIs
In your new project, go to APIs and Services, then Library. Search for and enable these two APIs:
- Gmail API
- Google Calendar API
Step 3 — Configure the OAuth Consent Screen
Go to APIs and Services, then OAuth consent screen. Choose Internal if this is for your organization only, or External if you need to grant access to accounts outside your Google Workspace domain.
Fill in the required fields: App name, User support email, and Developer contact email. You can skip the optional fields.
On the Scopes page, add these scopes:
- gmail.send — Send emails
- calendar — Full calendar access
- calendar.events — Calendar events
- userinfo.email — Read email address
Save and continue through the remaining screens.
Step 4 — Create OAuth Credentials
Go to APIs and Services, then Credentials. Click Create Credentials, then OAuth client ID. Select Web application as the application type.
Under Authorized redirect URIs, add this exact URI:
https://api.salespartnercrm.com/api/v2/calendar-auth/google/calendar/callback
Click Create. You will see your Client ID and Client Secret. Copy both — you will need them in the next step.
Step 5 — Connect in SalesPartner
In the SalesPartner admin panel, go to the user's Integrations tab. Click Add Account, then Custom OAuth (BYOC). Select Google as the provider. Paste your Client ID and Client Secret, then click Start OAuth.
A popup window will open with the Google sign-in page. Sign in and grant the requested permissions. The popup closes on its own when the connection succeeds.
Setting Up a Microsoft OAuth App
Step 1 — Register an Application in Azure Entra
Go to entra.microsoft.com (or portal.azure.com, then Azure Active Directory). Navigate to App registrations and click New registration.
Enter a name (for example, "SalesPartner Integration"). Under Supported account types, select Accounts in any organizational directory if you want to support any Microsoft 365 tenant, or Accounts in this organizational directory only for a single-tenant app.
Under Redirect URI, select Web as the platform and enter this exact URI:
https://api.salespartnercrm.com/api/v2/calendar-auth/microsoft/calendar/callback
Click Register.
Step 2 — Add Permissions
In your registered app, go to API permissions. Click Add a permission, then Microsoft Graph, then Delegated permissions. Add these permissions:
- Mail.ReadWrite — Read and write email
- Mail.Send — Send email
- Calendars.ReadWrite — Read and write calendar
- User.Read — Read user profile (for email address)
- offline_access — Keep the connection active (required for token refresh)
After adding all permissions, click Grant admin consent if you are an admin, or ask your admin to grant consent.
Step 3 — Create a Client Secret
In your app registration, go to Certificates and secrets. Click New client secret. Give it a description and choose an expiration period. Click Add.
Copy the Value right away — it is only shown once. This is your Client Secret.
Your Client ID is the "Application (client) ID" shown on the app's Overview page.
Step 4 — Connect in SalesPartner
In the SalesPartner admin panel, go to the user's Integrations tab. Click Add Account, then Custom OAuth (BYOC). Select Microsoft as the provider. Paste your Client ID and Client Secret, then click Start OAuth.
A popup window will open with the Microsoft sign-in page. Sign in and grant the requested permissions. The popup closes on its own when the connection succeeds.
Redirect URIs Reference
Your OAuth app must have the correct redirect URI registered. Use the exact URIs below. Any mismatch will cause the sign-in flow to fail with a redirect error.
For Google apps: https://api.salespartnercrm.com/api/v2/calendar-auth/google/calendar/callback
For Microsoft apps: https://api.salespartnercrm.com/api/v2/calendar-auth/microsoft/calendar/callback
These URIs are the same whether you are using Custom OAuth (BYOC) or the standard SalesPartner connection.
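The check below is an added example, not SalesPartner code. It compares a URI copied from your app registration against the two URIs listed above and reports which part differs, since providers match redirect URIs exactly. The function name and the diagnostic messages are illustrative.

```python
from urllib.parse import urlsplit

# Redirect URIs exactly as listed on this page.
EXPECTED = {
    "google": "https://api.salespartnercrm.com/api/v2/calendar-auth/google/calendar/callback",
    "microsoft": "https://api.salespartnercrm.com/api/v2/calendar-auth/microsoft/calendar/callback",
}

def diagnose_redirect_uri(provider, registered):
    """Return the reasons `registered` differs from the expected URI.

    An empty list means an exact match, which is what the provider
    requires before it will complete the sign-in redirect.
    """
    expected = EXPECTED[provider]
    if registered == expected:
        return []
    problems = []
    if registered != registered.strip():
        problems.append("leading or trailing whitespace")
    got, want = urlsplit(registered.strip()), urlsplit(expected)
    if got.scheme != want.scheme:
        problems.append(f"scheme is {got.scheme!r}, expected {want.scheme!r}")
    if got.netloc != want.netloc:
        problems.append(f"host is {got.netloc!r}, expected {want.netloc!r}")
    if got.path != want.path:
        other_paths = {urlsplit(u).path for u in EXPECTED.values()}
        if got.path.rstrip("/") == want.path:
            problems.append("trailing slash on path")
        elif got.path.lower() == want.path.lower():
            problems.append("path differs only in letter case")
        elif got.path in other_paths:
            problems.append("path belongs to the other provider")
        else:
            problems.append(f"path is {got.path!r}, expected {want.path!r}")
    if got.query or got.fragment:
        problems.append("query string or fragment present")
    # Anything left over (for example an upper-case scheme) is still a mismatch.
    return problems or ["differs from expected URI"]
```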
How Token Refresh Works
When you connect via Custom OAuth, SalesPartner stores your Client ID and Client Secret securely on the account. When the access token expires (typically after one hour), SalesPartner refreshes it using your app's credentials in the background.
This means your app's credentials must stay valid. If you change your Client Secret in Google Cloud Console or Azure Entra, you will need to disconnect and reconnect the account in SalesPartner with the new secret.
Your Client ID, Client Secret, and connection tokens are stored securely on the server and are never exposed in admin panel responses.
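The following added example is not SalesPartner's implementation. It shows the standard OAuth 2.0 refresh grant (RFC 6749, section 6) that any service performs against Google's or Microsoft's token endpoint, which is why a rotated Client Secret breaks refresh. The function names, the action labels and the use of the "common" tenant are assumptions for illustration.

```python
from urllib.parse import urlencode, parse_qs

# Public token endpoints. "common" assumes a multi-tenant Microsoft app; a
# single-tenant registration uses its own tenant ID in that position.
TOKEN_ENDPOINTS = {
    "google": "https://oauth2.googleapis.com/token",
    "microsoft": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
}

def build_refresh_request(provider, client_id, client_secret, refresh_token):
    """Return (url, form-encoded body) for a refresh_token grant."""
    body = urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        # Must be a secret that is still valid at the provider.
        "client_secret": client_secret,
    })
    return TOKEN_ENDPOINTS[provider], body

def next_action(status, payload):
    """Map a token-endpoint response to what the operator has to do."""
    if status == 200 and "access_token" in payload:
        return "ok"
    error = payload.get("error")
    if error == "invalid_client":
        # Client authentication failed: the stored secret no longer matches.
        return "reconnect-with-new-secret"
    if error == "invalid_grant":
        # The refresh token itself was revoked or has expired.
        return "user-must-sign-in-again"
    return "investigate"

def redact(body):
    """Return a copy of a form body that is safe to log."""
    fields = parse_qs(body)
    for key in ("client_secret", "refresh_token"):
        if key in fields:
            fields[key] = ["REDACTED"]
    return urlencode(fields, doseq=True)
```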
Troubleshooting Custom OAuth
"Admin Approval Required" (Microsoft) — Your Microsoft 365 administrator has not granted consent for your app. Ask your admin to go to the app registration in Azure Entra and click Grant admin consent under API permissions.
"Redirect URI mismatch" — The redirect URI in your app does not exactly match what SalesPartner expects. Copy the URI from the Redirect URIs Reference section above and paste it exactly, including the full path.
"Access denied" or "Insufficient permissions" — Your app is missing required permissions. Check that all permissions listed in the setup steps are added and that admin consent has been granted.
Connection stops working after a while — If you changed your Client Secret, the stored secret no longer matches. Disconnect the account and reconnect with the new Client Secret.