Pre-requisites for Authenticating Email Alerts Using OAuth

Before selecting OAuth2.0 as the Authentication type, make sure you do the following:

  • Create an App on Azure AD, which will be used to authenticate email alerts sent by eG manager to Office 365;

  • Assign a client secret to the App, so it can prove its identity when requesting a token from Office 365;

  • Allow the App to read user profile and send emails to Office 365 as any user.

The steps for achieving each of these requirements are detailed below.

Creating an App on Azure AD for OAuth

To achieve this, do the following:

  1. Open a browser, connect to the Azure portal using the URL: https://portal.azure.com, and then log in to the portal by providing valid credentials. Figure 1 will then appear.

    Figure 1 : The Home page of the Azure portal

  2. From the FAVORITES menu options in the left panel, pick the Azure Active Directory option (see Figure 2).

    Figure 2 : Picking the Azure Active Directory option from the FAVORITES menu

  3. When Figure 3 appears, select the App Registrations option from the left panel of Figure 3.

    Figure 3 : Selecting the App Registrations option

  4. Next, pick the + New Registration option (see Figure 4).

    Figure 4 : Picking the New Registration option

  5. When Figure 5 appears, specify the user-facing display name for the new application against Name. Then, proceed to indicate that only a single tenant should access the new app. For that, select the Accounts in this organizational directory only option in Figure 5. Then, click the Register button.

    Figure 5 : Registering the new application

  6. Figure 6 then appears displaying the details of the new app that you registered. Azure AD auto-generates and assigns a client ID for the app, which will also be displayed in Figure 6. Make a note of the client ID, by copying it from Figure 6 and pasting it to a text file.

    Figure 6 : Making note of the client ID of the app

Assigning a Client Secret to the App

After making note of the client ID, do the following to assign a client secret to the app:

  1. From the list of options in the left panel of Figure 6, select the Certificates & Secrets option (see Figure 7 to zoom into the list of menu options).

    Figure 7 : Selecting the Certificates & Secrets option

  2. Figure 8 will then appear. Click the + New client secret button in Figure 8.

    Figure 8 : Clicking the New client secret button

  3. Figure 9 then appears. The app name will be displayed against Description. Indicate that the client secret you wish to assign to this app should never expire by picking the Never option under Expires. Finally, click the Add button in Figure 9 to add the client secret.

    Figure 9 : Configuring the client secret to never expire

  4. Clicking on the Add button in Figure 9 will invoke Figure 10, where the auto-generated client secret will be displayed. Make note of the client secret by copying it from here and pasting it into the same text file where the client ID was copied.

    Figure 10 : The client secret displayed

  5. Then, click on the Overview option in Figure 7. The Basic Information pertaining to the new app will then be displayed (see Figure 11). The Tenant ID, indicating which tenant has access to the app, will also be displayed as part of the basic details. Make a note of the Tenant ID by copying it from Figure 11 and pasting it to the same text file where the client ID and secret are stored.

    Figure 11 : Copying the Tenant ID

Granting Mail Send and User Read Permissions to the New App

Once the client ID, client secret, and tenant ID for the new app are available, do the following:

  1. From the list of menu options in Figure 7, select the API permissions option.

  2. When Figure 12 appears, click on the Microsoft Graph link in its right panel.

    Figure 12 : Clicking on the Microsoft Graph link

  3. This will open Figure 13. Click on the Application permissions option in Figure 13. Then, in the search box under the Select permissions section, type the string Mail.Send, and click the magnifying glass icon alongside to search for that permission. In the search results, look for the Mail.Send permission that allows mails to be sent as any user. Once that permission is visible, select it and then click the Add permissions button to add that permission to the app.

    Figure 13 : Granting Mail Send permissions to the new app

  4. Similarly, add the User.Read permission to the app, so that the app can sign in and read the user profile. For that, first click the Delegated permissions option as indicated by Figure 14. Then, search for the User.Read permission, by specifying that permission as a search string in the search text box under Select permissions. Click on the magnifying glass icon to look for the specified permission. Once it appears in the search results, select it and click the Add permissions button (see Figure 14).

    Figure 14 : Assigning the User.Read permission to the new app

  5. Finally, when Figure 15 appears, you will find that the Mail.Send permission and the User.Read permission are listed under the Microsoft Graph link. Now, click on the Grant admin consent for oauth option in Figure 15 to grant admin consent to the oauth app you have created for using both the permissions.

    Figure 15 : The Microsoft Graph link displaying the User.Read and Mail.Send permissions
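
The following Python example is an addition to this page, not eG or Microsoft code: it requests an app-only token with the client ID, client secret and tenant ID noted in the steps above, then inspects the token's claims to confirm that admin consent took effect and that Mail.Send is the only application permission the app holds. The environment variable names and function names are assumptions, and the token is decoded for inspection only, without signature verification.

```python
import base64
import json
import os
import urllib.parse
import urllib.request


def request_token(tenant_id, client_id, client_secret):
    """Client-credentials request to the tenant's v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, data=form, timeout=15) as resp:
        return json.load(resp)["access_token"]


def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_token(claims, tenant_id, client_id, required=("Mail.Send",)):
    """Return a list of findings; an empty list means the app is set up as intended."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        findings.append("token issued to a different client ID")
    roles = set(claims.get("roles", []))  # application permissions granted by consent
    for perm in required:
        if perm not in roles:
            findings.append(f"missing application permission {perm} (admin consent granted?)")
    for extra in sorted(roles - set(required)):
        findings.append(f"unexpected application permission {extra}")
    return findings


if __name__ == "__main__":
    # Assumed variable names; the values are the ones noted in the steps above.
    tid, cid = os.environ["AZ_TENANT_ID"], os.environ["AZ_CLIENT_ID"]
    token = request_token(tid, cid, os.environ["AZ_CLIENT_SECRET"])
    print(check_app_token(decode_claims(token), tid, cid) or "OK")
```

User.Read is a delegated permission, so it does not appear in the roles claim of an app-only token; the check therefore covers only Mail.Send.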