Login
    Contents x
    Azure SMTP mail server with Oauth2
    • 12 Nov 2024
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Contents

    Azure SMTP mail server with Oauth2

    • Updated on 12 Nov 2024
    • 3 Minutes to read
    • Contributors
    • Print
    • Dark
      Light
    • PDF
    Article summary

    1. Setting up an Azure SMTP mail server with Oauth2

     1.1 Azure configuration

    1. Sign in to the Azure portal. (https://portal.azure.com/#home)
    2. Press "Microsoft Entra ID"
    3. Select "App Registrations" from the menu on the left.
    4. If your app isn't registered, follow the Microsoft app registration steps before proceeding. (https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app)
    5. If the app is already registered, choose the "All Apps" tab
    6. Select your app.
    7. Note the information at the top of the page. You'll need the directory and application credentials.
      1. Application ID (Client)
      2. Directory ID (tenant)
    8. Tap "Allowed APIs" in the menu on the left.
    9. Choose "Add Permission"
    10. In the new window, choose "APIs used by my organization"
    11. Type "Office 365" in the search bar.
    12. Choose "Office 365 Exchange Online" from the results.
    13. Choose "App Permissions"
    14. Open the "Mail" section and check the "Mail.Send" permission
    15. Open the "SMTP" section and check the "SMTP. SendAsApp »
    16. Tap "Add Permissions" at the bottom of the window.
    17. Tap "Grant admin consent to..." to the right of the "Add Permission" option
    18. Choose "Yes" in the new window and log in with an admin account if requested.
    19. Tap "Certificates & Secrets" in the menu on the left.
    20. Choose "New Client Secret"
    21. Provide a description and expiration date for the secret.
    22. Tap "Add" at the bottom of the window.
    23. Note the "Value" of the generated secret. This information is only available for a limited time after creation. If this information is lost, a new secret will have to be regenerated.

    1.2 Exchange Configuration

    1. Sign in to the Azure portal. (https://portal.azure.com/#home )
    2. Tap "Microsoft Entra ID"
    3. Choose "Enterprise Apps" from the menu on the left.
    4. Select your app.
    5. Note the value of "Object ID"
    6. Open a "Powershell" window as an administrator on your Windows computer.
    7. Run "Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.4.0"
    8. Run "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned"
    9. Run "ExchangeOnlineManagement Import-module"
    10. Run "Connect-ExchangeOnline -Organization [tenantId]" where [tenantId] is the value of "Directory ID" in Azure above.
    11. Log in to an admin account in the window that opens.
    12. Run "New-ServicePrincipal -AppId [appId] -ObjectId [objId]" where [appId] is the value of "Application ID" in Azure above and [objId] is the value noted in step 5.
    13. Run "Get-ServicePrincipal | fl" to see the info of the service created.
    14. Note the value of "ExchangeObjectId"
    15. Run "Add-MailboxPermission -Identity "[username]" -User [exchangeId] -AccessRights FullAccess" where [username] is the value of the mailbox from which you want to send emails and [exchangeId] is the value noted in step 14.
    16. Validate that the permission has been added with "Get-MailboxPermission -Identity "[username]"" and validate that there is an entry for your [objId] from step 5
    17. Run "Set-TransportConfig -SmtpClientAuthenticationDisabled $false"
    18. Run "Disconnect-ExchangeOnline"
    Turnaround time
    Note that there is a delay between when commands are executed and when changes are actually affected in Azure services.
    Note that if the license of the user to whom the "Add-MailboxPermission" permission was created is withdrawn, the permission also seems to disappear. It will therefore be necessary to repeat steps 15 and 16 to give it a licence after giving it a licence. If a user does not have a license, it will be impossible to create permission for them, the system will return an error that this user cannot be found. 


    1.3 Constellio configuration in "Application" mode

    1. Log in to Constellio with an account that has permissions to set up an email server.
    2. Select "Control" from the menu on the left.
    3. Choose "Configure Mail Server" to change your existing configuration to Oauth2.
    4. Check the " Enabled " box;
    5. Choose "Application" as your authentication mode.
    6. Fill in the "Username" and "Default Sending Email" fields with the value of the box configured in the Exchange section above.
    7. Fill in the "Tenant Identification" fields with the value of "Directory ID" from the "Azure" section above.
    8. Fill in the "Application Identification" fields with the value of "Application ID" from the "Azure" part above.
    9. Fill in the "Client Secret" field with the value of the secret generated in the "Azure" section above.
    10. In the "Server Property" section, add the line "mail.smtp.auth.mechanisms=XOAUTH2"
    11. Tap "Save" at the bottom of the page.


    1.4 Server proprieties

    Here's a functional example : 

    mail.smtp.port=587
     mail.smtp.starttls.required=true
     mail.smtp.auth=true
     mail.smtp.starttls.enable=true
     mail.smtp.socketFactory.port=587
     mail.smtp.host=smtp.office365.com
     mail.smtp.auth.mechanisms=XOAUTH2

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout