Configuring OAuth - Microsoft Office 365

Owned by Karl Henselin
Last updated: Jan 07, 2025
3 min read

HTTPS Required - Microsoft requires the requesting application to be hosted via HTTPS. A FlexDeploy installation only using HTTP will not be able to use Microsoft OAuth.

Create the Application in Azure AD

Register a New App

See the page Creating and connecting to an Office 365 email application compatible with FlexDeploy for directions to create a suitable application in Azure. Then resume with this page when ready.

Update FlexDeploy System Settings

Update FlexDeploy System Settings

Next, go to System Settings → Email Settings and select OAuth for the SMTP or IMAP auth types. Note that although it is displayed as SMTP or IMAP, it is not going to use SMTP or IMAP.

  1. SMTP User - This is the user that will be logging in to graph with

  2. SMTP OAuth Application - Choose the OAuth application you just created.

  3. SMTP From Address - The user must have permission to send from this address, or it won’t work. This can be a shared mailbox.

image-20250107-213345.png

Validate

Once authorization is complete, you can test the configuration by clicking on the Test Email Configuration button located at the bottom next to Save.

  • Sends a test email to the logged in user's email address to validate the SMTP OAuth settings.

  • Reads the inbox of the Approval Reply Address to validate the IMAP OAuth settings.

Setting Up Email Approvals

If you are using the same user for outgoing and incoming emails (recommended) then you can leave the top of the section titled IMAP Settings mostly blank like this:

Email Reply Options

  1. Email Reply Folder - This is the folder (can be a shared folder) that will have all mail processed and deleted from it by FlexDeploy. You cannot use the same folder for dev and prod FlexDeploy servers, as one of the servers will read and delete the mail, and the other will not get the mail. You could use one user account, as long as you use separate folders. Inbox is likely the value that you want. However, if you use Inbox, and test it with your personal email address, all your email will be irrecoverably lost.

  2. Approval Reply Address - This defaults to the same as the SMTP from address, and works with shared mailboxes. When users click reply to the emails FlexDeploy send, it should be routed into the folder that you specified above.

Validate

Once authorization is complete, you can test the configuration by clicking on the Test Email Configuration button located at the bottom next to Save.

  • Sends a test email to the logged in user's email address to validate the SMTP OAuth settings.

  • Reads the inbox of the Approval Reply Address to validate the IMAP OAuth settings.

 

If you authorized as the wrong user, you will get the error:

Bad User is Authenticated But Not Connected

If you get that, use an incognito tab to reauthorize as the correct user using the directions found Creating and connecting to an Office 365 email application compatible with FlexDeploy , and then test again. Similarly, if you authorized as one user and need to authorize as a different user in the same session, then make sure to sign out of Microsoft first (usually this would be signing out of https://portal.microsoftonline.com). You may also want to run just this step with FlexDeploy from on Incognito or inprivate browser. Otherwise, the first user’s credentials will automatically be used with the authorization instead of prompting you to login as the second user. You will see this error when testing the email configuration:

 

The following macros are not currently supported in the footer:
  • style