Difference between revisions of "How to configure OAuth2 Authentication for Microsoft Office 365 Mailbox integration"
(Changed links to citations with references.) |
|||
Line 162: | Line 162: | ||
=References= | =References= | ||
<references> | <references> | ||
− | <ref name="admin permission">{{cite web |url= | + | <ref name="admin permission">{{cite web |url=https://support.microsoft.com/en-gb/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353 }}</ref> |
<ref name="ms config">{{cite web |url=https://support.microsoft.com/en-gb/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353 |title=Microsoft's POP, IMAP, and STMP settings }}</ref> | <ref name="ms config">{{cite web |url=https://support.microsoft.com/en-gb/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353 |title=Microsoft's POP, IMAP, and STMP settings }}</ref> | ||
</references> | </references> | ||
* [[Troubleshooting issues occurring during the setup process.]] | * [[Troubleshooting issues occurring during the setup process.]] | ||
+ | * [[How would the Office365 administrator approve permission requests]] |
Revision as of 18:02, 16 June 2022
Introduction
In order to enable Hornbill to use OAuth 2.0 protocol to authenticate to Microsoft Office 365 for mailbox integration, a Hornbill Keysafe item is required that contains the OAuth authentication token. This is then used to configure any of Hornbill's integration components, namely the following
- Email's Outbound Mail Routing Smart Host Configuration, -or-
- Inbound Mail Service Components of the Shared Mailboxes.
The steps to configure this is the following:
- Create and link a Hornbill Keysafe
- Configure the Mail Service Component, either or both
- Outbound Mail Service via Smart Host Configuration
- Inbound Mail Service Component
- The POP3 service -or-
- The IMAP4 service
NOTE: Ensure that no Outlook, Hotmail, or any Microsoft-linked account is currently logged in. It is advisable to use Incognito/InPrivate/Private Mode or Window in the browser in performing this operation.
Hornbill Keysafe
As instructed by the Hornbill KeySafe page, create a keysafe whose type is Microsoft Office 365 Mail Connector. Once the keysafe is named and created, invoke the Connect button to initiate the authentication and generation of the OAuth authentication token.
Connect
Clicking the Connect button on the Key Details form, initiates the authentication of KeySafe to Microsoft Office365 servers. A new webpage should appear originating from Microsoft requesting the authentication/credentials of the account that will be used as the point of integration with Hornbill.
The following can be the series of steps.
- Page requesting for email address of account to use
- Page requesting the credentials for the account. This may include other multi-factor authentication mechanism.
- Page requesting permission to delegate rights from the account to the application. It can be any of the indicate pages.
- If an administrator permission is required then the actions in the page "How would the Office365 administrator approve permission requests" needs to be performed.
NOTE: Once administrator permission is given. Performing the same steps above would NOW be possible to complete.
Different pages that Microsoft can provide
Configuring Mail Service Components
Once an Office365 email account is integrated to Hornbill, the email account can be used to send email out or receive email from other entities, that can be processed by Hornbill.
To make this configuration,
- The first requirement is to create an Email Domains.
- The critical information is the Domain Name. This entry should be the same Office365 domain that Microsoft has assigned, (ie testdomain.onmicrosoft.com). The rest of the options can be set as indicated by the wiki-page Email Domains. If one desires to utilise Use SMTP SmartHost as the Outbound Routing Mode, please see the section #Outbound Mail Services via Smart Host for proper configuration of options.
- Once the route has been created, the next step to be created is the Shared Mailboxes.
- Then link an outbound mail route.
- A key point to remember when defining the link email address, use the email address linked to the Office365 account as the default address.
- After defining the linked address, proceed to create the desired #Inbound Mail Services to allow Hornbill to retrieve emails from the Office365 account.
Outbound Mail Services via Smart Host
To allow Hornbill to send emails as the linked Office365 account, SMTP SmartHost must be configured. To perform that, the following entries must have the indicated values.
Entry | Value |
---|---|
Host | smtp.office365.com |
Port | 587 |
Encryption | TLS(Transport Layer Security - RFC2595) |
Authentication Method | OAuth2 |
Email Address | The email address that was provided to Microsoft during KeySafe entry connection. See image |
Credentials | The keysafe entry that was created above |
- BOLD VALUES are exact values for the entries.
- Italic values are values to be supplied.
- Clicking the Test Connection button would check if the values are valid.
- See Microsoft's page for reference.<ref name="ms config"/>
Inbound Mail Services
To allow Hornbill to retrieve emails addressed to the linked Office365 account, either POP3 or IMAP4 service must be correctly defined. Please select one of the services. It is possible for the system to be configured to retrieve email from more than one Office365 account, provided that each account will require its own KeySafe entry. Even though it is possible, the system might not be able to fully identify the source account.
POP3 Services
To configure the POP3 service, the following must be the values for the entries,
Entry | Value |
---|---|
Service | POP3 |
Server | outlook.office365.com |
Port | 995 |
Encryption | TLS(Transport Layer Security - RFC2595) |
Authentication Method | OAuth2 |
Username | The email address that was provided to Microsoft during KeySafe entry connection. See image |
Credentials | The keysafe entry that was created above |
- Clicking the Test Connection button would check if the values are valid.
- See Microsoft's page for reference.<ref name="ms config"/>
IMAP4 Services
To configure the IMAP4 service, the following must be the values for the entries,
Entry | Value |
---|---|
Service | IMAP4 |
Server | outlook.office365.com |
Port | 993 |
Encryption | TLS(Transport Layer Security - RFC2595) |
Authentication Method | OAuth2 |
Username | The email address that was provided to Microsoft during KeySafe entry connection. See image |
Credentials | The keysafe entry that was created above |
- Clicking the Test Connection button would check if the values are valid.
- See Microsoft's page for reference.<ref name="ms config"/>
References
<references> <ref name="admin permission">Template:Cite web</ref> <ref name="ms config">Template:Cite web</ref> </references>