Granting Trove permissions to access an Outlook mailbox

How Microsoft IT admins can grant Trove permission to connect to a Microsoft 365 (Outlook) mailbox.

Summary

A colleague has asked you to approve Trove’s access to their Microsoft 365 mailbox. To do this, click here to open the Microsoft admin consent page, review the permissions and approve. Once you’ve done that, let your colleague know and they can add their email address on the Trove’s email settings page.

What is Trove?

Trove helps businesses recover unpaid invoices. It schedules payment reminders which the user can send directly from their email address. This means debtors receive an email that looks like it came from a real person rather than an automated system. This significantly increases the rate at which invoices get paid.

Trove can also monitor the user’s inbox for replies - for example, if a customer says they’ll pay at the end of the month, Trove can automatically pause reminders until then so it doesn’t look like the customer’s email was ignored.

Why does Trove need admin approval?

Microsoft requires an administrator to approve any third-party application before users in your organisation can connect it to their mailbox. This is a standard Microsoft security requirement.

Clicking the approval link doesn’t grant Trove access to anything automatically. It simply unlocks the ability for individual users in your organisation to connect their own mailbox if they choose to. Only users who actively grant Trove access to their Outlook will be impacted.

How to grant approval

Click here to open the Microsoft admin consent page.

You’ll be asked to sign in with your Microsoft admin account and review the permissions Trove is requesting. Once you’ve approved, let your colleague know. They can then add their email on the Trove email settings page.

If you would like to restrict which users are able to connect Trove, you can do this using RBAC policies.

Removing access

Your colleague can disconnect Trove at any time from their Trove email settings page. Access can also be revoked via the Microsoft Privacy Dashboard or by removing access in Microsoft Entra.

I want more information on the scopes Trove needs

Trove requests access via the official Microsoft Graph API and complies with Microsoft’s Privacy Statement. Trove’s use of your data is strictly limited to providing the features you request - it is never used for advertising, profiling, or anything unrelated to invoice collections.

When users log in to Trove with their Microsoft account, Trove requests the following standard OIDC/OAuth2 scopes: openid, profile, email, User.Read. This is basic account information only (name, email address, user ID).

Mailbox access

offline - allows Trove to stay connected to the mailbox even when the user isn’t logged in to Trove. This is required for Trove to use Microsoft 365 email.
Mail.Send - allows Trove to send emails on behalf of a user that has added their email. This is required for Trove to use Microsoft 365 email.
Mail.Read - allows Trove to read replies to emails it has sent so it can suggest appropriate follow-up actions. Trove only ever reads replies to its own emails unless the user gives explicit permission to read all emails. Highly recommended or functionality will be limited.
Mail.Send.Shared - allows Trove to send from shared mailboxes the user has access to, such as a shared accounts@company.com address. Only required if shared mailboxes are in use.
Mail.Read.Shared - allows Trove to read replies from shared inboxes. Only required if shared mailboxes are in use.