How to Configure the Outgoing Mail Using OAuth 2.0

The From field in MSPbots emails, notifications, and reports is customizable to use your company email instead of the default support@mspbots.ai. This article shows how to change the sender's email address using the OAuth2 method for more secure authorization. 

What's on this page:

Background information 

OAuth (Open Authorization) 2.0 is the modern standard to allow a website or application to access resources hosted by other web apps on behalf of a user. It adds security by providing consented access and restricting client actions performed on resources without sharing the user's credentials. 

Now that basic authentication will be disabled and OAutho 2.0 is the new de facto industry standard for online authorization, MSPbots offers an option to add an extra authentication step in setting up the SMTP configuration for modifying the From field address for outgoing emails and sending reports. Users now have the option to use OAuth 2.0 in the Outgoing Mail settings.

If you prefer using only the basic authentication to modify the Outgoing Mail settings, refer to the article How to Configure the Outgoing Mail Using Basic Authentication. 

Prerequisites for editing the Outgoing Mail settings 

You must have the following to perform the procedure below: 

• Admin permissions 
• Inclusion in the Azure Active Directory (AAD) 
• Outlook 365 license 
• Application and developer roles for configuring the AAD 

Gathering the MS OAuth 2.0 credentials for authorization

Follow these steps to generate the required information:

1. Prepare the redirect uniform resource identifier (URI) which is https://app.mspbots.ai/web/um/smtp/redirect. Once the authorization is successful, Microsoft will use this URI to notify MSPbots about the authentication result. 

   You can find this information with the following steps:

   1. Go to Settings > System > Outgoing Mail.

   2. Click Addv and select OAuth2. 

   3. When the Add window opens, go to the Redirect URI field and copy the given URL. 

       
2. Sign in to the Microsoft Azure portal and secure the credentials needed for the OAuth 2.0 authorization. 

3. Create a new app registration. 

   1. On the Microsoft Azure homepage, click App registrations. If you can't find App registrations on the Microsoft Azure homepage, please search in the search bar.
      

   2. When the App registrations page opens, click the +New registration tab. 
      

   3. In the Register an application form:

      1. Name - Enter a unique name for your application. 

      2. Supported account types - Select Account in this organizational directory only(MSPbots.ai only - Single tenant) from the options.   

      3. Redirect URI(optional) - In the first box, select Web and in the second box, enter the Redirect URI copied from Step 1.

      4. Click Register. 
         

   4. The Application (client) ID will be shown after your registration is done. Take note of this ID. ---？?

   5. Next, go to Certificates & secrets in the sidebar menu, then在Client secrets tab下 click +New client secret on the right. 
      

   6. On the Add a client secret window: 

      1. Description - Add a description. 

      2. Expires - Select an expiry date from the dropdown menu.
         

         Before the secret expires you must create a new secret and apply it to the MSPbots Outgoing Mail settings. 

      3. Click Add located at the bottom of the Add a client secret window.

      4. Once the Update application credentials popup appears in the top right corner of the page, the addition is successful.、

      5. Click the copy icon below the Value. You will need these values later when configuring OAuth 2.0 in the mail settings.
         ---换图
         

   7. Next, go to API Permissions in the sidebar menu.

      1. Click the Add permissions button. 
      2. Under the Microsoft APIs tab, select Microsoft Graph.
      3. Next, select Delegated permissions.
      4. Enter SMTP in the search bar under Select permissions, then click SMTP and check SMTP.Send.
      5. Enter IMAP in the search bar under Select permissions, then click IMAP and check IMAP.AccessAsUser.All.
      6. Click the Add permissions button.
      7. The permissions you added will appear in the Configured permissions list.
   8. Next, go back to the Overview and click the Endpoints tab.
   9. Copy the OAuth 2.0 authorization endpoint (v2) and the OAuth 2.0 token endpoint (v2) to your local desktop. You will also use these values for creating the OAuth 2.0 credential in the mail settings. 
      

Setting up OAuth 2.0 in MSPbots 

1. Open the MSPbots app and go to Settings > System. 
2. Click Outgoing Mail in the upper right corner of the Settings tab.
   
3. Click Add and select OAuth2. 
   
   
4. Fill in the following fields: 
   1. Host Name - Cannot be modified.
   2. Authorization URL and Token URL - Use the values from Step 3.h of the previous section. 
   3. Redirect URI - This value is pre-filled. 
   4. Client ID and Client Secret - et the values generated in Step 3.f of the previous section. 
   5. Username - Enter your username. 
   6. Reply to -  Enter your preferred email.
   7. Signature - Input your signature. 
      
5. Click Authorize. 
6. When the confirmation pop-up window opens, click Continue. 
7. On the Microsoft login screen, enter the user password you provided in the OAuth 2.0 credential and click Sign In. 
8. Click Accept in the pop-up window with the requested permissions. 

Verifying if the authentication is successful 

To verify if the configuration works, refresh the mailbox list page. The mailbox status should show Verified for a successful authentication. If the status is Not Verified, repeat Step 4 onwards until the authorization is successful. 

Related Topics 

• Page:
  How to Configure the Outgoing Mail Using OAuth 2.0
• Page:
  How to Configure the Outgoing Mail Using Basic Authentication
• Page:
  Configure the Outgoing Mail - Mailjet