Microsoft Office 365 Email with OAuth
HTTPS Required – Microsoft mandates that the requesting application be hosted over HTTPS. A FlexDeploy installation using only HTTP will not be able to support Microsoft OAuth.
Prerequisites
See Creating and connecting to an Office 365 email application compatible with FlexDeploy for directions to create a suitable application in Azure and connect it with FlexDeploy. Then resume with next section when ready.
Update FlexDeploy System Settings
Outgoing Email Settings
Next, go to System Settings → Email Settings and select OAuth for the outgoing and incoming auth types.
User Name - This must match the user who completed the Authorize action for Microsoft Azure application on the System Settings - Integration Settings page.
OAuth Application - Choose the OAuth application you just created.
From Address - The user must have permission to send from this address, or it won’t work. This can be a shared mailbox.
Incoming Email Settings
If you are using the same user for outgoing and incoming emails (recommended) then you can leave the top of the section titled Incoming Email Settings mostly blank. Follow notes provided on Description of each setting.
Email Reply Options
Email Reply Folder - This is the folder (can be a shared folder) that will have all mail processed and deleted from it by FlexDeploy. You cannot use the same folder for dev and prod FlexDeploy servers, as one of the servers will read and delete the mail, and the other will not get the mail. You could use one user account, as long as you use separate folders. Inbox is likely the value that you want. However, if you use Inbox, and test it with your personal email address, all your email will be irrecoverably lost.
Approval Reply Address - This defaults to the same as the From Address, and works with shared mailboxes. When users click reply to the emails FlexDeploy send, it should be routed into the folder that you specified above.
Validate
Once authorization is complete, you can test the configuration by clicking on the Test Email Configuration button located at the bottom next to Save.
Sends a test email to the logged in user's email address to validate the Outgoing OAuth settings.
Reads the inbox of the Approval Reply Address to validate the Incoming OAuth settings.
If you authorized as the wrong user, you will get the error:
Bad User is Authenticated But Not Connected
If you get that, use an incognito tab to reauthorize as the correct user using the directions found Creating and connecting to an Office 365 email application compatible with FlexDeploy , and then test again. Similarly, if you authorized as one user and need to authorize as a different user in the same session, then make sure to sign out of Microsoft first (usually this would be signing out of https://portal.microsoftonline.com). You may also want to run just this step with FlexDeploy from on Incognito or inprivate browser. Otherwise, the first user’s credentials will automatically be used with the authorization instead of prompting you to login as the second user. You will see this error when testing the email configuration:
- style