This document describes how to set up an OAuth2 application in Microsoft 365 to use for sending secure emails from Solaria and ServiceLink.
Create New OAuth2 Application
- Login to https://entra.microsoft.com.
- Select Applications → App Registrations on the left menu.
- Click on + New registration.
- Enter a name for your application, such as “Solaria”. Leave all other defaults then click on Register.
Add Web Authentication
- Select Authentication on the left for the application.
- Click on + Add a platform.
- Click on Web.
- Enter a URI of “http://localhost:54669/api/__oauth2/omnis”.
- Click on Configure to save it.
Create a Client Secret
1. On the “Overview” page, copy and paste the Application (client) ID, Object ID and Directory (tenant) ID into a secure document.
2. On the “Overview” page, click on Add a certificate or secret.
3. Click on + New client secret.
4. Enter a Description, such as “Solaria” and an expiration date, then click on Add.
5. Copy and paste the client secret Value into a secure document.
Add Permissions
Assign the following permissions to the application:
1. Select API Permissions on the left for the application.
2. Add the SMTP.SendAsApp permission (only needed for Solaria):
a. Click on + Add a permission.
b. Click on APIs my organization uses then click on Office 365 Exchange Online.
c. Click on Application permissions.
d. Enter “SMTP” in the search field. Check “SMTP.SendAsApp” in the results.
e. Click on the Add permissions button at the bottom of the page to save.
3. Add the Microsoft Graph application permissions:
- Click on + Add a permission.
- Click on Microsoft Graph.
- Click on Application permissions.
- Find and check “Application.Read.All”, “User.Read.All” and “Mail.Send”.
- Click on Add permissions to save.
4. Add the Microsoft Graph delegated permission:
- Click on + Add a permission.
- Click on Microsoft Graph.
- Click on Delegated permissions.
- Find and check “SMTP.Send” and "User.Read".
- Click on Add permissions to save.
5. The tenant admin must grant consent to the permissions. Logged in as the tenant admin, click on Grant admin consent for [company name] on the API permissions page. Click Yes to grant permissions to the application.
Get the Endpoints
1. Click on the Overview option on the left, then the Endpoints option at the top of the section on the right side of the page.
2. Copy and paste the following items into a secure document.
- OAuth 2.0 authorization endpoint (v2)
- OAuth 2.0 token endpoint (v2)
Register App with ExchangeOnline
In order to send emails without user authorization (behind the scenes), the application needs to be registered with ExchangeOnline. This must be done by the tenant admin.
1. Open PowerShell as an administrator and enter the following commands, filling in your own values for the items highlighted in square brackets:
Connect-ExchangeOnline -UserPrincipalName [admin@yourdomain.onmicrosoft.com]
2. When prompted, enter the password.
New-ServicePrincipal -AppId [Application (client) ID] -ObjectId [Object ID]
3. For each email address that needs to send from Solaria with this OAuth2 app, enter the following command (all on one line with a space after "-AccessRights"):
Add-MailboxPermission -Identity [email address] -User [Application (client) ID] -AccessRights FullAccess
4. When all email addresses have been added, disconnect from ExchangeOnline:
Disconnect-ExchangeOnline
5. Close PowerShell.
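The registration steps above as one script, followed by an audit of which mailboxes the app can access. This is an added example, not part of the original article or the vendor's code. The IDs and addresses are constructed placeholders, and the script assumes, as the commands above do, that the Application (client) ID is accepted for -User.

```powershell
# Added example. All IDs and addresses below are constructed placeholders.
$AdminUpn  = 'admin@yourdomain.onmicrosoft.com'
$AppId     = '00000000-0000-0000-0000-000000000000'   # Application (client) ID
$ObjectId  = '11111111-1111-1111-1111-111111111111'   # Object ID
$Mailboxes = @('billing@example.com', 'service@example.com')  # approved senders

Connect-ExchangeOnline -UserPrincipalName $AdminUpn
try {
    # Register the service principal only if Exchange Online does not know it yet.
    $sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
    if (-not $sp) {
        New-ServicePrincipal -AppId $AppId -ObjectId $ObjectId | Out-Null
    }

    # Grant access per mailbox, skipping mailboxes that already have an entry.
    foreach ($mbx in $Mailboxes) {
        $existing = Get-MailboxPermission -Identity $mbx -User $AppId -ErrorAction SilentlyContinue
        if (-not $existing) {
            Add-MailboxPermission -Identity $mbx -User $AppId -AccessRights FullAccess | Out-Null
        }
    }

    # Audit: FullAccess is broad, so list every mailbox where the app holds
    # rights and flag any that are not on the approved list.
    $granted = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $addr = [string]$_.PrimarySmtpAddress
        $perm = Get-MailboxPermission -Identity $addr -User $AppId -ErrorAction SilentlyContinue
        if ($perm) { $addr }
    }
    $unexpected = @($granted | Where-Object { $_ -notin $Mailboxes })

    "Mailboxes granted to the app: $(@($granted).Count)"
    if ($unexpected.Count -gt 0) {
        Write-Warning "Access outside the approved list: $($unexpected -join ', ')"
        # Remove a stale grant with:
        # Remove-MailboxPermission -Identity <address> -User $AppId -AccessRights FullAccess
    }
}
finally {
    # Always end the session, even if a command above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Re-running the audit portion after staff or mailbox changes keeps the app's access limited to the addresses that actually send from Solaria.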
Enter Email Settings in Solaria
OAuth2 can be used in Solaria 7.70 or higher to send emails in a secure format. To add your OAuth2 application information to an email account, do the following:
1. Select Settings → My Email Account.
2. Click on the OAuth2 tab.
3. Check Use OAuth2.
4. Enter the Application (client) ID for the Client ID.
5. Enter the client secret Value for the Client Secret.
6. Enter the OAuth 2.0 authorization endpoint (v2) for Authorization URI.
7. Enter the OAuth 2.0 token endpoint (v2) for Token URI.
8. Enter a Scope of “https://outlook.office365.com/.default”.
9. Select a Grant Type of “Client Credentials”.
10. Save the changes then use the Send Test Email button to verify that it works.
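If the test email fails, the same client-credentials request can be made outside Solaria to see whether the problem is the app registration or the mailbox setup. This is an added example, not Solaria's code: the tenant and client IDs are constructed placeholders, and `ConvertFrom-JwtPayload` is a helper defined here, not a built-in cmdlet.

```powershell
# Added example. IDs are constructed placeholders; replace with your own values.
$TenantId = '22222222-2222-2222-2222-222222222222'   # Directory (tenant) ID
$ClientId = '00000000-0000-0000-0000-000000000000'   # Application (client) ID
$TokenUri = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$Scope    = 'https://outlook.office365.com/.default'

# Prompt for the secret so it never lands in the script or shell history.
$secure = Read-Host -Prompt 'Client secret Value' -AsSecureString
$secret = [System.Net.NetworkCredential]::new('', $secure).Password

# Hypothetical helper: decode the (unverified) payload segment of a JWT.
function ConvertFrom-JwtPayload([string]$Jwt) {
    $part = $Jwt.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($part.Length % 4) { 2 { $part += '==' } 3 { $part += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($part)) | ConvertFrom-Json
}

# Same grant type and scope as entered on the OAuth2 tab.
$resp = Invoke-RestMethod -Method Post -Uri $TokenUri -Body @{
    grant_type    = 'client_credentials'
    client_id     = $ClientId
    client_secret = $secret
    scope         = $Scope
}

# Inspect the claims only; do not print or log the access token itself.
$claims  = ConvertFrom-JwtPayload $resp.access_token
$expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).LocalDateTime

"Audience : $($claims.aud)"
"App ID   : $($claims.appid)"
"Expires  : $expires"
"Roles    : $(@($claims.roles) -join ', ')"

if (@($claims.roles) -notcontains 'SMTP.SendAsApp') {
    Write-Warning 'SMTP.SendAsApp is missing from the token: check API permissions and admin consent.'
}
```

A token that carries the role while sending still fails points at the ExchangeOnline registration or the per-mailbox permission rather than at the app registration.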
Enter Email Settings in ServiceLink
OAuth2 can be used in ServiceLink to send emails in a secure format. To add your OAuth2 application information to an email account, do the following:
1. Select Settings → Division → select division → Email/Text Settings.
2. Click on the edit icon button.
3. Select "OAuth 2.0" for the Email Auth field.
4. Select "Microsoft" for the Vendor.
5. Enter the Directory (tenant) ID you copied earlier in Tenant Id.
6. Enter the Application (client) ID in Client ID.
7. Enter the client secret Value in Client Secret.
8. Enter the email address you are sending from in From Email.
9. Save the changes then use the Verify button to send a test email to verify that it works.