Configuring OAuth Authentication for Microsoft 365

Using OAuth when authenticating requests when fetching emails from Microsoft 365

Prerequisites

  • Microsoft Azure Active Directory account configured

  • The FP16 Patch 1 installed. For instructions, see SAP Note 2933871.

Incoming Servers

If you want to use OAuth authentication for the incoming email server, configure it in System Configurator > System Services > E-Mail Settings > Incoming Mail Servers according to the table below:

Field

Description

Name

Enter the name for the incoming e-mail server. There are no restrictions regarding the name. The names are displayed when you choose the server for an e-mail queue during queue configuration.

Address

Enter the login address with the tenant ID.

The address is of format https://[login address]/[tenant ID, which is a GUID, copied from Azure AD portal]. For example:

https://login.microsoftonline.com/[tenant ID]

You get the tenant ID from the Overview page of Microsoft Azure Active Directory.

Authentication Type

Choose whether the authentication is for a user (OAuth User) or a server (OAuth Service).

Client ID

Enter the Application (client) ID value from Microsoft Azure Active Directory

Secret

This is needed for the OAuth Service. Otherwise, anyone can access it. The secret is not needed for OAuth User because password is required for the queue number. There is no password in OAuth Service for the queue number and application registration should be protected at application registration level with the secret.

Enter the mail server secret from the Value column in Microsoft Azure Active Directory.

Outgoing Servers

If you want to use OAuth authentication for the outgoing email server, configure it in System Configurator > System Services > E-Mail Settings > External Outgoing Mail Server according to the table below.

Field Description
Enable External Outgoing Mail Server To use an external server, select this option.
IP Address or Name of Mail Server Enter the tenant ID of your Office365 system. This is a GUID or a domain name.
Authentication Type To use OAuth authentication, choose the option OAuth Service.
Server User Enter the GUID of the user using the mailbox.
Set Password To enter the password of the mailbox user, select this option.
Password Enter the password.

Queue Configuration

Go to System Configurator > Queue Management > Queues and create an email queue as instructed in Creating Queues in Contact Center 365. In the Numbers/Addresses block, enter the following:

Field Function
Address

Enter the full email address you defined in https://admin.microsoft.com/Adminportal/Home#/homepage during mailbox configuration.

For OAuth user, it is the user email address.

For OAuth server, it is the email address of the shared mailbox.

Priority

Optional

Enter a value that defines how quickly the contact should be answered in regard to other contacts (the lowest value has the highest priority).

For example, queue A has the priority value 5 and queue B has the value 10. The calls from queue A are allocated first.

For more information, see Priority.

This value overrides the value in the Priority field in the Contact Management block.

Extension Language

Optional

Choose a language if it differs from the system default value, or if you want to offer service in various languages.

If you have chosen a queue language (in Queue Management > Queues > Basics), the extension language value overrides the language value of the queue.

E-Mail Account Enter the account name that is used when the mailbox folder is read.
E-Mail Password This is required for OAuth user. Enter the password that is used when the mailbox folder is read.
Sender

Optional

Select this option if you want that the e-mail account can be used as a sender.
E-Mail Server

Enter the incoming mail server name and IP address by choosing the edit icon and by searching for the correct server.

Incoming mail servers are defined in System Services > E-Mail Settings > Incoming Mail Servers.

For other queue-related settings, see the corresponding sections in Creating Queues.