Configuring OAuth - Microsoft Office 365
HTTPS Required - Microsoft requires the requesting application to be hosted via HTTPS. A FlexDeploy installation only using HTTP will not be able to use Microsoft OAuth.
Create the Application in Azure AD
Register a New App
Navigate to the Azure portal and select Azure Active Directory from the browser. Once there, click App Registrations and register a new app.
Add the Redirect URI
Give your app a name and set the web redirect URI.
This should be your FlexDeploy server URL followed by the path /flexdeploy/faces/oauth
Request Permissions
After clicking Register, copy the client id and tenant id from the home page of the application. Next, click API Permissions.
On the API Permissions screen, click Add a Permission and select Microsoft Graph → Delegated Permissions.
You will need to add the following permissions:
IMAP.AccessAsUser.All
offline_access
SMTP.Send
User.Read
You may need your admin to grant consent for the permissions above, which they can do by navigating to the same screen and clicking the currently disabled ‘Grant admin consent’ button.
Add a Client Secret
Finally, navigate to Certificates & secrets on the left-hand panel, create a client secret, and copy it to a safe location.
Update FlexDeploy System Settings
Match the Server Base URL
First, make sure your FlexDeploy Server Base URL matches what you entered as the redirect URI in the Azure application. The Server Base URL should NOT include the /flexdeploy/faces/oauth path, however.
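A pre-flight check for the matching rule above, written as an added example (it is not FlexDeploy or Microsoft code). The function name and the example.com hosts are constructed, and it assumes the redirect URI is the Server Base URL plus /flexdeploy/faces/oauth, compared exactly apart from scheme and host case.

```python
from urllib.parse import urlsplit

OAUTH_PATH = "/flexdeploy/faces/oauth"  # redirect path given on this page


def check_oauth_urls(server_base_url, registered_redirect_uri):
    """Return a list of problems; an empty list means the two values agree.

    Hypothetical helper: compares the FlexDeploy Server Base URL with the
    redirect URI that was typed into the Azure app registration.
    """
    problems = []
    base = urlsplit(server_base_url.strip())
    if base.scheme.lower() != "https":
        problems.append("Server Base URL must use https")
    if not base.hostname:
        problems.append("Server Base URL has no host")
    if base.path.rstrip("/").endswith(OAUTH_PATH):
        problems.append("Server Base URL must not include " + OAUTH_PATH)
    if base.query or base.fragment:
        problems.append("Server Base URL must not carry a query or fragment")
    if problems:
        return problems

    # Assumption: redirect URI = base URL (no trailing slash) + OAUTH_PATH.
    expected = _normalise(server_base_url.strip().rstrip("/") + OAUTH_PATH)
    actual = _normalise(registered_redirect_uri.strip())
    if expected != actual:
        problems.append(
            "Redirect URI mismatch: expected %s, registered %s" % (expected, actual)
        )
    return problems


def _normalise(url):
    """Lowercase scheme and host only; port and path are kept as typed."""
    parts = urlsplit(url)
    return "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    base_url = "https://flexdeploy.example.com:8443/"
    redirect = "https://FlexDeploy.example.com:8443/flexdeploy/faces/oauth"
    print(check_oauth_urls(base_url, redirect) or "OK")
```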
Populate OAuth Information
Next, select Microsoft OAuth for the SMTP and/or IMAP auth type and add:
SMTP/IMAP Username
Client Id
Client Secret
Tenant Id
Authorize and Validate
After populating the necessary fields, click the Authorize OAuth button. A new tab will open where you will be redirected to Microsoft to authorize FlexDeploy. If everything is successful, you should be redirected back to this page.