N O T I C E

MSPbots WIKI is moving to a new home at support.mspbots.ai to give you the best experience in browsing our Knowledge Base resources and addressing your concerns. Click here for more info!

The From field in MSPbots emails, notifications, and reports is customizable to use your company email instead of the default support@mspbots.ai. This article shows how to change the sender's email address using the OAuth2 method for more secure authorization. 

What's on this page:

Background information 

OAuth (Open Authorization) 2.0 is the modern standard to allow a website or application to access resources hosted by other web apps on behalf of a user. It adds security by providing consented access and restricting client actions performed on resources without sharing the user's credentials. 

Now that basic authentication will be disabled and OAuth 2.0 is the new de facto industry standard for online authorization, MSPbots offers an option to add an extra authentication step in setting up the SMTP configuration for modifying the From field address for outgoing emails and sending reports. Users now have the option to use OAuth 2.0 in the Outgoing Mail settings.

If you prefer using only the basic authentication to modify the Outgoing Mail settings, refer to the article How to Configure the Outgoing Mail Using Basic Authentication

Prerequisites for editing the Outgoing Mail settings 

You must have the following to perform the procedure below: 

  • Admin permissions 
  • Inclusion in the Azure Active Directory (AAD) 
  • Outlook 365 license 
  • Application and developer roles for configuring the AAD 

Gathering the MS OAuth 2.0 credentials for authorization

Follow these steps to generate the required information:

  1. Prepare the redirect uniform resource identifier (URI) which is https://app.mspbots.ai/web/um/smtp/redirect. Once the authorization is successful, Microsoft will use this URI to notify MSPbots about the authentication result. 

    You can find this information with the following steps:

    1. Go to Settings > System > Outgoing Mail in MSPbots.


    2.  Click v icon beside the +Add button and select OAuth2.


    3. When the Add window opens, go to the Redirect URI field, copy the given URL to Notepad, and save it on your Desktop. You will need this later when adding a New registration. 
      redirect URI MSPbots
       

  2. Sign in to the Microsoft Azure portal and secure the credentials needed for the OAuth 2.0 authorization. 

  3. Create a new app registration. 

    1. On the Microsoft Azure homepage, click App registrations. If you can't find App registrations on the page, search for it in the search bar.
      register in Azure

    2. When the App registrations page opens, click the +New registration tab. 
      register new app

    3. In the Register an application form:

      1. Name - Enter a unique name for your application. 

      2. Supported account types - Select Account in this organizational directory only (MSPbots.ai only - Single tenant) from the options.   

      3. Redirect URI (optional) - In the first box, select Web, and in the second box, enter the Redirect URI copied from Step 1.c.

      4. Click Register
        register an app

  4. Next, go to Certificates & secrets on the sidebar menu, then click +New client secret on the right under the Client secrets tab.
    new client secret

    1. In the Add a client secret window: 

      1. Description - Add a description. 

      2. Expires - Select an expiry date from the dropdown menu. 
        client secret expiry

        Before the secret expires you must create a new secret and apply it to the MSPbots Outgoing Mail settings. 

      3. Click Add located at the bottom of the Add a client secret window.

    2. The addition is successful once the Update application credentials pop-up window appears. 
      update application success

    3. Click the copy copy iconicon in the Value column to copy the value to Notepad and save it on your Desktop.  You will need this value later when configuring OAuth 2.0 in the mail settings.
      copy value

  5. Next, go to API Permissions on the sidebar menu.

    1. Click the +Add a permission button. 
      add a permission
    2. In requesting API permissions window, go to the Microsoft APIs tab and select Microsoft Graph.
      request API permissions - select Microsoft Graphs
    3. Next, select Delegated permissions.
      required API permissions - delegated permissions
    4. Enter SMTP in the search bar under Select permissions, then click SMTP and select SMTP.Send.
      select SMPT.Send
    5. Enter IMAP in the search bar under Select permissions, then click IMAP and put a checkmark IMAP.AccessAsUser.All.
      check IMAP.AccessAsUser.All.
    6. Click the Add permissions button.
    7. The permissions you added will appear in the Configured permissions list.
      configured permissions list
  6. Next, go to the Overview.
    1. Click the copycopy iconicon next to the Application (client) ID to copy the value to Notepad and save it on your Desktop. You will also use this value for creating the OAuth 2.0 credential in the mail settings. 
      copy client ID
    2. Click the Endpoints tab.
      endpoints tab
    3. Copy the OAuth 2.0 authorization endpoint (v2) and the OAuth 2.0 token endpoint (v2) to Notepad and save it on your Desktop, such as Notepad. You will also use these values for creating the OAuth 2.0 credential in the mail settings.
      endpoints

Setting up OAuth 2.0 in MSPbots 

  1. Open the MSPbots app.
  2. Go to Settings > System, and click Outgoing Mail in the upper right corner of the System page.


  3. Click v icon on the right side of the +Add button and select OAuth2.


  4. Fill in the following fields in the Add window. 
    1. Host Name - This value is pre-filled.
    2. Authorization URL and Token URL - Use the values from Step 6.c of the previous section. 
    3. Redirect URI - This value is pre-filled. 
    4. Client ID - Use the values from Step 6.a of the previous section. 
    5. Client Secret - Use the values generated in Step 4.c of the previous section. 
    6. Username - Enter your username. 
    7. Reply to -  Enter your preferred email.
    8. Signature - Input your signature. 
      add oauth 2.0
  5. Click Authorize
  6. On the Microsoft login screen, enter the user password you provided in the OAuth 2.0 credential and click Sign in.
  7. Click Accept in the Microsoft pop-up window requesting permissions for MSPbots. 
    permission requested
  8. The message Authentication successful oauth redirect success appears. 
    oauth 2.0 redirect success

Verifying if the authentication is successful 

Go back to MSPbots and refresh the Outgoing Mail page to verify if the configuration works. The mailbox status should show Verified for a successful authentication. If the status is Not Verified, repeat Setting up OAuth 2.0 in MSPbots until the authorization is successful. 

verify successful authorization

Related Topics 

N O T I C E

MSPbots WIKI is moving to a new home at support.mspbots.ai to give you the best experience in browsing our Knowledge Base resources and addressing your concerns. Click here for more info!