1. Home
  2. Docs
  3. Inbound Shield™
  4. API Integration guide
  5. Requirements

Requirements

Trustifi Account

The intended administrator in charge of mailbox protection must have an active Trustifi account with a “Pro” plan – this is in order to have access to the “Inbound Management” section.

Additional accounts can be created for co-admins, but this is not mandatory.

The account admin must be able to access his Trustifi account and log in to the Trustifi web app.

 

Access to Exchange Admin Center

The admin must have access to the Exchange Admin Center (EAC) and Azure portal with administrative roles such as global admin.

The administrative role can be either ( 1 ) a tenant (directory) admin, ( 2 ) a global admin, or ( 3 ) an admin with custom permissions/roles (see below).

This is required in order to successfully integrate the mail server with Trustifi and successfully import the admin’s assigned mailboxes.

Information! If the admin connects to MS Exchange using a tenant admin credentials, only the mailboxes assigned to this tenant (directory) will be imported into Trustifi. If your Exchange is hosting multiple domains and you wish to import mailboxes from one domain only, you will need to create a specific tenant/directory, transfer all relevant users to the directory and assign the domain to this tenant. You will then need to provide the tenant admin privileges.

Please see below the full list of permissions required by Trustifi for integration:

Directory.Read.All (read directory data)Group.Read.All (read groups data)Mail.ReadWrite (read and write emails in all mailboxes)User.Read.All (read all users full profiles)

The admin can always review and modify the permissions, see logs and perform more actions using the Azure management dashboard by navigating to the Microsoft Azure Portal via https://portal.azure.com and using the top search bar to find “Enterprise applications”.

Then, finding “Trustifi” from the app list/table, and navigating to “Permissions” from the left navigation bar (see figure 1).

The Azure dashboard

Figure 1: The Azure dashboard showing the permissions granted to Trustifi.

Additional

In order to apply protection to the intended mailboxes in a quick and error-free way, the admin should prepare in advance a list of the intended mailboxes in a .csv file (Comma-Separated Values).

It is also optional to provide a list of domains that belong to your organization’s partners/vendors, so that Trustifi can apply additional protection for these domains (useful for protecting against impersonation/homoglyph attacks for the provided domains). See section 4.2.2 for more detail.

 

How can we help?