6. Credential Request

Credential Request Call

Outcome: Client understands how to obtain each credential type; all credentials collected and stored securely in 1Password Trigger: Onboarding Call complete, before AI Roadmap Call Duration: 90 min total (15 min prep + 60 min call + 15 min post-call)

Quick Reference

Step

Action

Time

Pre-Call

Generate credential list from proposal

5 min

Create client 1Password vault

2 min

Send prep email

3 min

Pre-call setup

5 min

60-min Call

Intro & agenda

5 min

Security overview & delivery methods

10 min

Walk through OAuth credentials

20 min

Walk through API keys & passwords

20 min

Wrap-up & next steps

5 min

Post-Call

Send thanks email

1 min

Store all credentials in 1Password

5 min

Test all credentials in n8n

5 min

Send confirmation OR correction email

5 min

Purpose: Walk the client step-by-step through obtaining each credential type. Testing happens AFTER the call — any issues are resolved via email with clear instructions.

1Password Vault Architecture

Each client gets their own dedicated vault in 1Password. This keeps credentials organized, makes access control simple, and allows clients to optionally view their own stored credentials.

Vault Structure

The Entourage AI (1Password Account)
├── Private (personal vault)
├── Shared (internal team)
├── TEAI - Internal Tools
└── Client Vaults
    ├── NADD - Nadia's Boutique
    ├── CRFG - Craft Goods Co
    ├── MSBR - Melbourne Spark Bros
    └── {CODE} - {Client Name}

Naming Convention

Element

Format

Example

Vault name

{CODE} - {Client Name}

NADD - Nadia's Boutique

API credentials

{Platform} API Key

Stripe API Key

OAuth credentials

{Platform} OAuth

HubSpot OAuth

Service accounts

{Platform} Service Account

Google Service Account

User/pass logins

{Platform} Login

Xero Login

Permission Levels

Role

Access

When to Use

View Items

See credentials, copy values

Client guest access (optional)

Edit Items

Create, modify, delete

Team members working on client

Manage Vault

Grant/revoke access

Account admins only

Creating a Client Vault

Go to 1Password.com → Vaults → New Vault
Name: {CODE} - {Client Name} (e.g., NADD - Nadia's Boutique)
Description: Credentials for {Client Name} automation workflows
Icon: Use client's industry icon or default folder
Click Create Vault

Adding Team Members

Open the vault → People → Manage
Add team members assigned to this client
Set permission to Edit Items (not Manage)
They'll see the vault on their next sync

Optional: Client Guest Access

If the client wants visibility into their stored credentials:

Open the vault → People → Invite
Enter client's email
Set permission to View Items only
Client receives email invitation
They create a free 1Password guest account
After accepting, they can view (not edit) their credentials

Note: Guest accounts can only access ONE vault, which is why we use one vault per client.

Full Guide

Pre-Call Prep (15 min)

Generate Credential List (5 min)

Review the proposal to identify all systems that will need integration:

/prepare:credential-list {CODE}

This generates a checklist of:

Platform name
Credential type (OAuth2, API key, user/pass)
Required permissions
Delivery method recommendation

Common systems from proposals:

Email: Gmail, Outlook
CRM: HubSpot, Salesforce, Pipedrive
Accounting: Xero, QuickBooks
Communication: Slack, Teams
File storage: Google Drive, Dropbox
Custom: Client-specific APIs

Create Client 1Password Vault (2 min)

If this is a new client, create their vault now:

Go to 1Password.com → Vaults → New Vault
Name: {CODE} - {Client Name}
Description: Credentials for {Client Name} automation workflows
Add yourself and any team members assigned to this client
Permission: Edit Items

Skip if: Vault already exists from a previous engagement.

Send Prep Email (3 min)

/create:email {CODE} --type credential-prep

Send 24-48 hours before the call so client can:

Review what's needed
Identify who has admin access
Choose their preferred delivery method

Pre-Call Setup (5 min)

Open:

Verify 1Password vault exists: If not created in step above, create now before call.

Call Structure (60 min)

Section 1: Intro & Agenda (5 min)

"Thanks for jumping on! Today I'm going to walk you through how to get all the credentials we need for your automation. I'll show you exactly where to find everything — it's like a guided tour of your platforms' settings. Should take about an hour."

Set expectations:

This is educational — you'll see exactly what we need and why
Share your screen when we get to your platforms
I'll note everything down; you don't need to remember the steps
After the call, I'll test everything and email you confirmation

Section 2: Security Overview & Delivery Methods (10 min)

Explain our security approach:

"All your credentials are stored in a dedicated 1Password vault just for your company"
"No one else can access your vault — it's completely separate from other clients"
"You can optionally have view-only access to see what's stored"

Present the two delivery methods:

Option A: OAuth Authorization (Recommended)

You authorize our app directly in the platform
You maintain full control — revoke anytime with one click
Best for: Gmail, Slack, HubSpot, Xero, Google Drive
"Think of it like giving us a house key you can deactivate anytime"

Option B: API Keys & Passwords (for platforms without OAuth)

You create a dedicated API key or user account
We store it securely in your 1Password vault
Best for: Stripe, custom APIs, legacy systems
"We never ask for your personal password — always a dedicated key"

If client is nervous about access:

"You can remove our access anytime with one click"
"We only access data needed for the workflow"
"Everything is logged — you can see exactly what we do"

If client says "We can't share that":

"I completely understand the concern. Here's how we handle security: your credentials are stored in a dedicated 1Password vault that no one else can access — it's just for your company, completely separate from every other client. Only myself and the team assigned to your project can see it. It's really important we get this credential because the platform's API requires it for the automation to work. Without it, we won't be able to connect to {Platform} and that part of the workflow won't function. Is there someone from your IT team we should loop in to discuss security requirements?"

Section 3: Walk Through OAuth Credentials (20 min)

Go through each OAuth platform one by one. The goal is to SHOW the client how to authorize, not rush through it.

For each OAuth platform (Gmail, HubSpot, Slack, etc.):

Explain what we're connecting: "First, let's connect Gmail so we can trigger workflows from emails."
Have client share their screen
Guide them to the authorization:
- "Go to {platform URL}"
- "Click Settings → Integrations → API Access"
- "You'll see an 'Authorize' button..."
Walk through the OAuth flow:
- "Click 'Sign in with {Platform}'"
- "Review the permissions — here's what each one means..."
- "Click 'Allow'"
Confirm success: "Perfect, you should see a confirmation screen."
Note the credential for post-call setup: Document platform name, auth method, any notes.

Pace yourself: Spend 3-5 minutes per platform. Don't rush — this builds trust.

Section 4: Walk Through API Keys & Passwords (20 min)

For platforms without OAuth, guide the client through creating API keys or service accounts.

For each API key platform:

Explain what we need: "For Stripe, we need an API key. Let me show you exactly how to create one."
Have client share their screen
Guide them to API settings:
- "Go to your Stripe Dashboard"
- "Click Developers → API Keys"
- "You'll see 'Secret Key' — that's what we need"
Help them create the key:
- "Click 'Create Restricted Key'"
- "Name it 'Entourage Automation'"
- "Set these permissions: [read charges, read customers, etc.]"
Securely capture the key:
- Have them copy and paste into the Zoom chat (or use 1Password share link)
- Immediately delete from chat after you've captured it
- Or have them send via 1Password share link post-call
Note for post-call: Document platform, key name, permissions granted.

For user/password credentials (legacy systems):

Guide them to create a dedicated "service account" user
Never ask for their personal login
Document: username, how password will be shared (1Password link)

Common platform guides to reference:

Platform

Where to find API keys

Stripe

Dashboard → Developers → API Keys

Xero

Developer Portal → My Apps → New App

QuickBooks

Intuit Developer → My Apps → Keys

Shopify

Settings → Apps → Develop Apps

Mailchimp

Profile → Extras → API Keys

Section 5: Wrap-Up & Next Steps (5 min)

"Excellent work! We've got everything we need. Here's what happens next:"

Immediately after this call: I'll store all credentials securely in your 1Password vault and test each connection
Within 2 hours: You'll get an email confirming everything works — or if there's an issue, I'll include exactly how to fix it
AI Roadmap Call on {date}: We'll dive deep into your processes

"If any credential doesn't work, don't worry — I'll email you the exact steps to fix it. No need to jump on another call."

"Any questions before we wrap?"

Post-Call (15 min)

Step 0: Send Thanks Email (1 min)

Immediately after hanging up, send the credential-thanks email:

/create:email {CODE} --type credential-thanks

This lets the client know you're on it and sets expectations for follow-up.

Step 1: Store Credentials in 1Password (5 min)

For each credential collected during the call:

Open the client's vault: {CODE} - {Client Name}
Create a new item for each credential:

Credential Type

1Password Item Type

Fields to Fill

API Key

API Credential or Password

Name, key value, permissions, created date

OAuth Token

Login

Platform, auth method, authorized scopes

User/Password

Login

Username, password, URL, notes

Add notes to each item:
- Permissions granted
- Who created it (client contact name)
- Date obtained
- Any special instructions

Naming convention in 1Password:

{Platform} API Key — e.g., Stripe API Key
{Platform} OAuth — e.g., HubSpot OAuth
{Platform} Login — e.g., Xero Service Account

Step 2: Test Credentials in n8n (5 min)

For each credential:

Go to n8n → Credentials → Create New
Select the platform
Paste credentials from 1Password
Click Test
Record result: ✅ Verified or ❌ Failed + error message

Common test failures:

Error

Likely Cause

Fix (include in email)

401 Unauthorized

Wrong API key or expired

Ask client to regenerate key

403 Forbidden

Missing permissions

Ask client to add required scopes

Connection refused

IP whitelist blocking

Ask client to whitelist n8n IP

Invalid token

OAuth flow incomplete

Schedule 5-min follow-up to re-auth

Rate limited

Too many requests

Wait and retry in 15 minutes

Step 3: Send Email (5 min)

Based on test results, send ONE of these emails:

If ALL credentials work: Send credential-confirmation email If ANY credential fails: Send credential-correction email

Document in settings.json

{
  "onePassword": {
    "vault": "{CODE} - {Client Name}",
    "clientGuestAccess": false
  },
  "credentials": [
    {
      "name": "{CODE}-Gmail-OAuth2",
      "type": "OAuth2",
      "status": "verified",
      "tested": "{DATE}",
      "deliveryMethod": "oauth",
      "onePasswordItem": null
    },
    {
      "name": "{CODE}-HubSpot-OAuth2",
      "type": "OAuth2",
      "status": "verified",
      "tested": "{DATE}",
      "deliveryMethod": "oauth",
      "onePasswordItem": null
    },
    {
      "name": "{CODE}-Stripe-API",
      "type": "API Key",
      "status": "verified",
      "tested": "{DATE}",
      "deliveryMethod": "1password",
      "onePasswordItem": "Stripe API Key"
    }
  ]
}

Create Call Notes

Save to: clients/{kebab-name}/context/calls/credential-call-{DATE}.md

# Credential Request Call - {Client Name}
Date: {DATE}
Attendees:

## Credentials Configured
| Platform | Name | Status | Notes |
|----------|------|--------|-------|
| Gmail | {CODE}-Gmail-OAuth2 | ✅ Verified | |
| HubSpot | {CODE}-HubSpot-OAuth2 | ✅ Verified | |

## Pending Credentials
| Platform | Owner | Deadline | Blocker |
|----------|-------|----------|---------|
| {Platform} | {Name} | {Date} | {Reason} |

## Notes
{Any issues, concerns, or follow-ups}

Send Confirmation Email

/create:email {CODE} --type credential-confirmation

Handling Pending Credentials

If any credentials couldn't be configured during the call:

Document the blocker — Why couldn't we get it? (No admin access, IT approval needed, etc.)
Assign an owner — Who is responsible for getting it?
Set a deadline — When do we need it by?
Send follow-up email — /create:email {CODE} --type credential-followup

Escalation timeline:

Day 3: Follow-up email
Day 5: Phone call
Day 7: Escalate to sponsor/decision-maker

Handling Additional Systems (Post-Workshop)

Since this SOP runs before Workshop (SOP 7) and Development (SOP 8), additional systems may be discovered later.

During Workshop (SOP 7): If new systems are identified that weren't in the proposal:

Note them in Workshop call notes
Request credentials async via email (using credential-followup template)
Or schedule a brief 10-min follow-up call if complex OAuth

During Development (SOP 8): Check if all required credentials are configured:

If missing: Request immediately with deadline
Update settings.json when received

This is rare since sales maps major integrations during the AI Roadmap sales process.

Credential Naming Convention

Platform

Naming Pattern

Example

Gmail

{CODE}-Gmail-OAuth2

NADD-Gmail-OAuth2

HubSpot

{CODE}-HubSpot-OAuth2

NADD-HubSpot-OAuth2

Slack

{CODE}-Slack-Bot

NADD-Slack-Bot

Xero

{CODE}-Xero-OAuth2

NADD-Xero-OAuth2

API Key

{CODE}-{Platform}-API

NADD-Stripe-API

Email Templates

credential-prep

When to send: 24-48 hours before credential call Command: /create:email {CODE} --type credential-prep

Subject: Credential Setup Call - Quick Prep Needed

Hi {Name},

Looking forward to our credential setup call on {Date/Time}!

This is a 60-minute working session where I'll walk you through connecting all the systems needed for your automation. Think of it as a guided tour of your platforms' settings — I'll show you exactly where to find everything. No technical knowledge required.

WHAT WE'LL CONNECT
Based on your project, we'll need access to:
{List from proposal - e.g.}
- Gmail (for email triggers)
- HubSpot (for CRM updates)
- Slack (for notifications)

BEFORE THE CALL
Please ensure you have:
- [ ] Admin access to the systems above (or have someone with access available)
- [ ] 5 minutes to review this email

HOW WE'LL DO IT
You have two options for sharing access:

**Option A: Add Us to Your Account** (Recommended)
You add our service account to your platform. You keep full control and can revoke access anytime.

**Option B: Secure Password Sharing**
You create a dedicated user/API key and share via our encrypted 1Password vault.

Most clients prefer Option A — we can discuss which works best for you on the call.

SECURITY NOTE
- Your credentials are stored in a dedicated 1Password vault that only your project team can access
- Each client has their own separate vault — your data is never mixed with others
- You can optionally have view-only access to see exactly what's stored
- You can revoke access at any time

Questions? Just reply.

See you on {Date}!

Cheers,
{Your Name}
AI Solutions Engineer
The Entourage AI

credential-thanks

When to send: Immediately after call ends (within 5 minutes) Command: /create:email {CODE} --type credential-thanks

Subject: Thanks {Name}! Testing Credentials Now

Hi {Name},

Thanks so much for jumping on that call! Really appreciate you walking through all the systems with me.

I'm now going to:
1. Store everything securely in your 1Password vault
2. Test each credential to make sure it connects properly

If everything works, I'll send you a quick confirmation email. If anything needs a tweak, I'll email you the exact steps to fix it — no need for another call.

You should hear back from me within the next couple of hours.

Chat soon!

{Your Name}
AI Solutions Engineer
The Entourage AI

credential-confirmation

When to send: Within 2 hours of credential call, ONLY if all credentials tested successfully Command: /create:email {CODE} --type credential-confirmation

Subject: Credentials Configured ✅

Hi {Name},

Great session today! I've tested all the credentials and everything is working perfectly.

CREDENTIALS CONFIGURED
{List each credential - e.g.}
✅ Gmail - Connected via OAuth
✅ HubSpot - Connected via OAuth
✅ Stripe - API Key verified

All credentials are stored securely in your dedicated 1Password vault.

WHAT'S NEXT
Your AI Roadmap Discovery call is on {Date}. We'll dive deep into your processes and pain points.

With credentials already set up, we can hit the ground running when development starts!

Questions? Reply anytime.

Cheers,
{Your Name}
AI Solutions Engineer
The Entourage AI

credential-correction

When to send: Within 2 hours of credential call, when one or more credentials failed testing Command: /create:email {CODE} --type credential-correction

Subject: Quick Fix Needed - {Platform} Credential

Hi {Name},

Thanks for your time on our credential call! I've tested everything and most credentials are working great.

WORKING ✅
{List working credentials - e.g.}
✅ Gmail - Connected via OAuth
✅ HubSpot - Connected via OAuth

NEEDS ATTENTION ⚠️
The {Platform} credential didn't connect successfully. Here's exactly how to fix it:

ISSUE: {Brief description - e.g., "The API key doesn't have the required permissions"}

HOW TO FIX:
{Step-by-step instructions tailored to the specific platform and error}

1. Log in to {Platform} at {URL}
2. Go to {Settings → API Keys / Developer Settings / etc.}
3. {Specific action - e.g., "Create a new API key with the following permissions:"}
   - {Permission 1}
   - {Permission 2}
4. Copy the new key
5. Reply to this email with the new key (or share via 1Password link: {link})

WHY THIS IS NEEDED
{Brief explanation - e.g., "Without the 'read_customers' permission, we can't pull customer data into your workflow."}

Once I receive the updated credential, I'll test it and confirm everything's working.

No need to schedule another call — just reply to this email and I'll handle the rest!

Cheers,
{Your Name}
AI Solutions Engineer
The Entourage AI

Tips for writing correction emails:

Be specific about the exact error
Provide step-by-step fix instructions with screenshots if helpful
Explain WHY the credential is needed (builds urgency)
Make it easy to reply — don't require another call

credential-followup

When to send: 3 days after call if credentials still pending Command: /create:email {CODE} --type credential-followup

Subject: Quick Follow-Up - Pending Credentials

Hi {Name},

Just following up on the credentials we weren't able to configure during our call:

STILL NEEDED
⏳ {Platform} - {What's needed}
   Blocker: {Reason - e.g., "Waiting on IT approval"}
   Impact: {What we can't do without it}

HOW YOU CAN HELP
{Specific action - e.g.}
- Forward this to your IT team with approval request
- Let me know the admin contact and I can reach out directly
- Schedule a quick 10-min call with the person who has access

TIMELINE
We need this by {Date} to stay on schedule for your {Workflow Name} delivery.

Need help unblocking this? Happy to jump on a quick call.

Cheers,
{Your Name}
AI Solutions Engineer
The Entourage AI

Verify

Pre-Call

1Password vault created: {CODE} - {Client Name}
Prep email sent 24-48h before call
Credential list generated from proposal

Call (60 min)

Call completed
All credentials collected (OAuth authorized or API keys received)
Client understands how each platform works

Post-Call

Next: Workshop

Previous5. Onboarding Call Next7. Workshop

Last updated 1 month ago

hashtagCredential Request Call

hashtagQuick Reference

hashtag1Password Vault Architecture

hashtagVault Structure

hashtagNaming Convention

hashtagPermission Levels

hashtagCreating a Client Vault

hashtagAdding Team Members

hashtagOptional: Client Guest Access

hashtagFull Guide

hashtagPre-Call Prep (15 min)

hashtagCall Structure (60 min)

hashtagPost-Call (15 min)

hashtagHandling Pending Credentials

hashtagHandling Additional Systems (Post-Workshop)

hashtagCredential Naming Convention

hashtagEmail Templates

hashtagcredential-prep

hashtagcredential-thanks

hashtagcredential-confirmation

hashtagcredential-correction

hashtagcredential-followup

hashtagVerify

hashtagPre-Call

hashtagCall (60 min)

hashtagPost-Call

Credential Request Call

Quick Reference

1Password Vault Architecture

Vault Structure

Naming Convention

Permission Levels

Creating a Client Vault

Adding Team Members

Optional: Client Guest Access

Full Guide

Pre-Call Prep (15 min)

Call Structure (60 min)

Post-Call (15 min)

Handling Pending Credentials

Handling Additional Systems (Post-Workshop)

Credential Naming Convention

Email Templates

credential-prep

credential-thanks

credential-confirmation

credential-correction

credential-followup

Verify

Pre-Call

Call (60 min)

Post-Call