E-Mail-Integration with Zalion

Zalion enables secure and automated email processing to support workflows such as order confirmations, supplier communication, and structured document extraction. Depending on your email infrastructure, we support multiple integration paths - all with enterprise-grade encryption, access control, and auditing.

Note: The email integration only works if it has already been approved by your IT department. If the integration can be activated in your Zalion environment, your IT team has already granted approval. Please contact your Zalion representative for details.

---

Table of Contents

1. What Does the Integration Do?
2. Usage for End Users
3. Setup via Microsoft GraphAPI
4. Other Integration Paths
5. Email Integration Overview
6. Security and Governance
7. Frequently Asked Questions (FAQ)

---

1. What Does the Integration Do?

With the Outlook integration, you can:

• Send emails directly from Zalion (no copy/paste)
• Automatically assign incoming and outgoing emails to the corresponding case
• Keep your communication history complete without manual effort

2. Usage for End Users

Sending Emails

With integration: Click "Send Email" in the email card - the message is sent via your Outlook.

Keeping History Up to Date

With integration: Incoming and outgoing emails are automatically synchronized if they are within the same email conversation.

How Email Assignment Works

• Automatic assignment: Replies to conversations started from Zalion are automatically detected upon receipt and assigned to the communication history.
• Sending from Zalion: All emails sent from Zalion are automatically stored (in Sent Items in Outlook + in the thread history).

3. Setup via Microsoft Graph API

The following guide describes the setup for Microsoft 365 / Outlook via Graph API - the recommended and most common integration method. For alternative integration paths (Gmail, IMAP/SMTP, EWS), see Section 4.

Prerequisite: Microsoft 365 / Microsoft Entra ID (formerly Azure AD) with permission for app registration and admin consent.

Step 1: Register App in Microsoft Entra

• Register a new app, note the Client ID and Tenant ID.
• Add the Redirect URI (Reply URL) for Zalion - the URL is displayed in the integration dialog.

Step 2: Assign Permissions (Scopes)

• Delegated: Mail.Read, Mail.Send, plus offline_access (Refresh Token).
• Optional App-Only: Mail.Send, if sending without a logged-in user is required - requires admin consent and stronger security measures.

Step 3: Create Client Secret (or Certificate)

• Create a secret or certificate and store it securely.

Step 4: Connect in Zalion

• Go to Settings -> Integrations -> Microsoft Outlook
• Enter Tenant ID, Client ID, Client Secret
• Connect and complete admin consent.

Step 5: Test

• Send a test email from a case and verify delivery.

Least Privilege: Only grant the minimum required permissions.

Security and Data Protection (Admin Area)

• Access via OAuth2 with configurable scopes (see above).
• Store secrets/certificates only in the secure admin area.
• Revocation possible at any time (revoke app access in Entra ID).

Troubleshooting

• 403/Consent error: Admin consent missing or scope not granted.
• Unable to send: Token expired -> reconnect the integration.

Onboarding Process (Microsoft 365)

To connect Zalion to your Outlook environment, a one-time app approval by a Microsoft administrator on your side is required:

1. We provide you with a personalized admin consent link. This link requests the necessary permissions (mail access to the relevant mailboxes).
2. A Microsoft administrator at your organization opens the link and grants admin consent for your tenant.
3. Once admin consent is granted, users can sign in to our platform (agents.zalion.ai) with their Microsoft account and connect their mailbox themselves.

The entire process typically takes just a few minutes. If you have any questions about the approval or the requested permissions, your Zalion representative is happy to help.

4. Other Integration Paths

Option 1: Microsoft 365 via Graph API

Recommended method for Microsoft 365 customers. For the complete setup guide, onboarding process, and troubleshooting, see Section 3.

Option 2: Google Workspace (Gmail API)

Zalion supports integration with Gmail via Google's official Gmail API, suitable for customers using Google Workspace.

Features

• Read emails, labels, threads, and attachments
• Optional send access via Gmail Draft + Send APIs
• Search and filter capabilities
• Real-time notifications via Gmail Watch/Webhook services

Technical Requirements

• Google Workspace administrator must authorize Zalion's OAuth app
• Scopes such as https://www.googleapis.com/auth/gmail.readonly or .modify
• The Zalion project must be approved in your Google Cloud admin console

Security

• OAuth 2.0 authentication with Google
• All requests over TLS 1.3
• App access can be restricted to individual mailboxes
• No persistent credentials - token-based session model

Recommended for: Organizations using Gmail for supplier communication and structured messaging workflows.

Option 3: IMAP / POP3 / SMTP (Direct Server Access)

A legacy-compatible approach for integration with self-hosted or third-party mail servers via standard email protocols.

IMAP or POP3 (Inbound Access)

• Scheduled polling of inboxes
• Reading and extracting structured content or attachments
• Configurable polling frequency (e.g., every 10 minutes)
• Requirements: Server address, port, credentials, TLS-enabled mail access, whitelisting of Zalion IP addresses
• Security: Encrypted transmission over TLS, option to restrict to read-only access, restriction to specific folders or accounts

SMTP (Outbound)

• Sending order confirmations or replies
• Using the customer's domain (e.g., procurement@yourcompany.com)
• Requirements: SMTP credentials and server access, TLS required, optional relay configuration to limit outbound addresses
• Security: STARTTLS or SMTPS encryption, sender domain validation supported, SPF/DKIM alignment recommended

Option 4: Microsoft Exchange Web Services (EWS)

For on-premise or hybrid Exchange configurations, Zalion integrates via EWS to securely retrieve and process emails.

• Structured access to Exchange mailboxes
• Filtered folder processing
• Option for impersonation-based access
• Requirements: EWS endpoint and service credentials, NTLM or basic authentication (depending on environment), firewall whitelisting
• Security: HTTPS encrypted (TLS 1.2+), restricted mailbox access, logging via Exchange audit tools

5. Email Integration Overview

Method	System Type	Read Emails	Send Emails	Authentication	Encryption
Microsoft Graph API	Microsoft 365 (Cloud)	Yes	Optional	OAuth 2.0 via Azure AD	TLS 1.3
Gmail API	Google Workspace (Cloud)	Yes	Optional	OAuth 2.0 via Google	TLS 1.3
IMAP	On-premise or hosted	Yes	No	Username/Password	TLS
POP3	On-premise or hosted	Yes	No	Username/Password	TLS
SMTP	On-premise or hosted	No	Yes	Username/Password	TLS
Exchange Web Services	Microsoft Exchange	Yes	Optional	NTLM/Basic Auth	TLS

6. Security and Governance

Across all email integration options, Zalion adheres to the following principles:

• Encryption by default (AES-256 and TLS 1.3, wherever applicable)
• No password storage - token-based or service authentication only
• Least Privilege Access - access restricted to specific mailboxes/folders
• Auditability - all read/write operations are logged
• Customer control - you define access scopes, folders, and data retention

During onboarding, we work with your IT and compliance teams to jointly define access permissions, mailbox mappings, and polling or webhook configurations in accordance with your policies.

7. Frequently Asked Questions (FAQ)

Who can see the emails? Only authorized users within the corresponding case in Zalion.

Can I disconnect the integration at any time? Yes, in Settings -> Integrations. Additionally, app access can be revoked at any time directly in Microsoft Entra ID.