You’re connecting an entire company, and sending 500 employees through an OAuth consent screen one at a time isn’t an option. For internal tools and enterprise deployments, the admin should be able to connect every mailbox in the domain in one move.
Nylas bulk auth does exactly that. An administrator grants access once at the organization level, and it creates grants for users across the domain without each person running an individual OAuth flow.
How do I authenticate many accounts at once?
Section titled “How do I authenticate many accounts at once?”Bulk auth works through 2 providers (Google and Microsoft), each using that provider’s organization-level trust model. Instead of a per-user consent screen, an admin authorizes Nylas for the whole domain, and you create grants programmatically for any user in it. It’s built for internal apps and enterprise deployments where one admin speaks for many mailboxes.
This is a plan-gated feature, so confirm it’s enabled for your Nylas application first. See bulk authentication for the full setup on both providers.
How does bulk auth work on each provider?
Section titled “How does bulk auth work on each provider?”The 2 providers use different organization-level trust models. Google bulk auth uses a Google Workspace service account with domain-wide delegation: a Workspace admin grants the delegation once in the Admin console, and the service account’s private key lets Nylas request an access token for any user in the domain. Microsoft bulk auth uses admin consent instead, where a Microsoft 365 tenant administrator consents to your application’s permissions once for the whole tenant.
The mechanism differs, but the outcome matches on both providers: one admin authorization replaces every individual consent screen. Once it’s configured, you create a grant for a given domain user with a single Custom Authentication request, referencing the connector credential, and Nylas handles the token exchange.
curl --request POST \ --url 'https://api.us.nylas.com/v3/connect/custom' \ --header 'Authorization: Bearer <NYLAS_API_KEY>' \ --header 'Content-Type: application/json' \ --data '{ "provider": "google", "settings": { "credential_id": "<NYLAS_CONNECTOR_CREDENTIAL_ID>", "email_address": "[email protected]" } }'The exact permissions and steps for each provider are in the bulk auth reference.
What’s next
Section titled “What’s next”- Bulk authentication for the complete Google and Microsoft setup
- Connect user accounts with OAuth for the standard per-user flow
- Handle grant expiry and re-authentication to keep bulk grants healthy
- Authentication overview for every authentication method