Private Infrastructure lets you connect mailboxes through your own Google Cloud or Microsoft Azure OAuth app instead of Smartlead’s shared app. You control the credentials, satisfy strict security reviews, and sign every message with your app ID - boosting trust and deliverability.
Before we understand how you can set up private infrastructure in Smartlead, let’s first look at how you can create an OAuth app in Google and Microsoft.
Before You Start
Please connect with your Smartlead Customer Success Manager (CSM) before creating your OAuth app. They’ll guide you through the steps to generate your Client ID and Client Secret correctly.
Mistakes here can affect your email deliverability and campaign performance, so we strongly recommend doing this with a CSM.
1. In Google Cloud Console, select or create a project.
2. Open OAuth consent screen, choose Internal (fastest), fill in App name & support/developer emails, then Save & Continue until done.
3. Go to Credentials → Create credentials → OAuth client ID.
4. Pick a Web application, paste the redirect URI https://app.smartlead.ai/auth/oauth/callback, and click Create.
5. Copy the Client ID and Client Secret - you’ll paste these into Smartlead later.
If the wizard asks you to enable the Gmail API, click Enable and continue.
Go to https://portal.azure.com
→ Azure Active Directory → App registrations → + New registration
Name your app (e.g., Smartlead Mail Auth)
Supported account types:
➤ Select Accounts in this organizational directory only (Single tenant)
(Recommended to limit to your workspace for security & deliverability control)
Redirect URI → Platform: Web
URI: https://app.smartlead.ai/auth/oauth/callback
Click Register
Go to API permissions → + Add a permission
→ Choose Microsoft Graph → Delegated permissions
Add the following scopes:
Mail.Send (required to send email)
offline_access (allows Smartlead to refresh tokens)
User.Read (default/basic info scope)
Click Grant admin consent (required for organization-wide approval)
Go to Certificates & secrets → + New client secret
→ Add a description, set expiry, and click Add
→ Copy the client secret value immediately — it's shown only once.
From the Overview tab, copy:
Application (client) ID
(You already have the secret from step 8)
Incorrect setup can lead to failed mailbox connections or poor deliverability. Your CSM will help you avoid common missteps and get this right the first time.
In Smartlead, click on your Profile >> Settings. You will enter the profile settings screen. Under OAuth Configuration, you can connect your created Google and Microsoft app credentials.
Select a provider from the Credential Setup dropdown - Google or Microsoft. (Refer to the above screenshot)
Fill in the Client ID and Client Secret you copied earlier.
Click on Activate once done.
Smartlead will verify the credentials and store only the ID.
You will also find the option to choose private infrastructure, when you connect a mailbox from the Email Accounts tab (Email Accounts >> Connect Mailbox)
Select Private Infrastructure and proceed adding credentials to activate.
Q. Can I switch back to Smartlead’s shared OAuth?
Yes - delete your custom provider in OAuth Configuration and reconnect mailboxes using Smartlead OAuth.
Q. Does Smartlead store my client secret?
Only momentarily for validation; it is never stored long‑term.
Last updated: 04 July 2025
