Microsoft OAuth for SMTP

Note A PDF file for end-to-end Azure OAuth configuration can be found here: Configuring Azure OAuth (PDF Download)

To configure integration between Azure and Process Director, you'll first need to create and register an Azure Active Directory (AAD) Application, if you do not have one. Please see the Configuring Azure for Process Director Integration topic for instructions on how to create and register an AAD Application.

Once the AAD Application has been registered, you'll need to perform some additional configuration to the AAD Application's settings in Azure.

First, in the Authentication area, set the Allow public client flows property to: Yes (On). This setting permits the app to obtain tokens through flows that do not present a client secret (for example, the username/password flow used when a UserID and Password are supplied, as described below), so it should be enabled only on the app registration used for Process Director's mail sending.

Many factors affect the remaining AAD Application settings you'll need to use, so you may wish to reference Microsoft's explanation of SMTP OAuth implementation.

Depending on your Azure tenant, as well as your organization's policies, different configuration settings may be needed before your AAD application can let Process Director send mail messages using OAuth. BP Logix cannot, therefore, definitively describe what settings might be required to make your Azure tenant accept OAuth authentication, as we have no knowledge of, or access to, your Azure configuration.

Important We strongly recommend that you refer to the Microsoft documentation topic on this subject: How to set up a multifunction device or application to send emails using Microsoft 365 or Office 365.

We can provide some common configuration suggestions that have worked for our customers in the past, though we cannot guarantee that these settings will work with your specific Azure configuration.

  1. If it's available for your Azure tenant, in the Office 365 Exchange Online section of the API Permissions area, you can grant the delegated permission SMTP.AccessAsUser.All. This permission is not available for all tenants; it appears to have been deprecated for recent tenants in favor of #2, below.
  2. In the Office 365 Exchange Online area, grant the SMTP.SendAsApp application permission. You may also need to grant IMAP.SendAsUser.All.
  3. In the Microsoft Graph section of the API Permissions area, you can grant the following delegated permissions: Microsoft.Graph Delegated SMTP.Send and Delegated User.Read.
  4. For more comprehensive email access, you can grant Microsoft.Graph Delegated IMAP.AccessAsUser.All.

If no combination of the settings above work for you, you may need to contact your Microsoft Azure technical support representative to assist you with configuring the correct AAD App permissions for your installation.

Information For more information on authentication permissions, please refer to the Microsoft Graph Permissions Reference from Microsoft. Please be aware that BP Logix has an extremely limited ability to assist you with troubleshooting your Azure installation or settings.

Once configured, you'll need to get the following properties from the AAD Application's settings and transfer them to the corresponding OAuth settings for the "Office365/Microsoft OAuth" SMTP Authentication Type, which is found on the Properties page of the Installation Settings section of the IT Admin area:

  1. SMTP Tenant ID

    1. The ID of the Azure Tenant in which the AAD Registered App resides (Creation of an AAD Registered App requires the existence of a Tenant)

    2. The Tenant ID is displayed as the Directory (tenant) ID property on the Overview page of your AAD Application in Azure, but this value is also displayed following login.microsoftonline.com/ in the Endpoint URLs that the App references.

  2. SMTP Client ID

    1. The ID of the AAD Registered App

    2. This value is displayed as the Application (client) ID property on the Overview page of your AAD Application.

  3. SMTP Secret

    1. The client secret (application password) the administrator created to use with the AAD Registered App. Azure shows the secret's value only once, at creation, and every secret has an expiry date chosen when it is created; record that date, because mail sending will stop when the secret expires and a new one must be created and entered here. Treat the value as you would a password.

  4. UserID/Password

    1. Some installations may require that you provide a valid UserID and Password to connect to an email account on your system for sending mail messages, as part of the authentication.

Some Azure tenants may also require that a specific email address be used as the "From" address for all mail. In that case, you will at least need to go to the Global Variables page and set the Workflow From Email Address property to the email address you've specified in Azure. You may also wish to set that email address for the Registered Email property on this page (Properties), as a backup to the Global Variables setting.

Important Be advised that, with this configuration, ALL email messages sent from the system MUST use the specified email address as the From address. This means that any custom From addresses you configure elsewhere, such as the "From Email" property of an Email Data control in an email template, will cause those email messages not to be sent.