Configuring Office365 for OAuth2 - EcoSys - Administration & Configuration - Hexagon

EcoSys System Administration

EcoSys Version: 9.0

The following are the minimum steps required to configure the Office365 OAuth2 API. They are intended to be completed by someone who has experience configuring Office365/Azure.

To register a new App in Azure:

  1. In the Azure portal go to App registrations.

  2. Click the New registration button.

  3. Enter a Name and choose Accounts in this organizational directory only (xyz only - Single tenant) for the Supported account types.

  4. Click the Register button.

  5. Once created, make a note of the following values on the Overview tab.

    1. Application (client) ID: This will be used in the mail.polling.pop3.oauth2.clientId server setting and in a later step to associate this registered application with the Office365 mailbox.

    2. Directory (tenant) ID: This will be used in the cloud.azure.tenantId server setting.

  6. Click on the Certificates & secrets link.

  7. Click the New client secret button.

  8. Enter a Description, set the Expires and click the Add button.

  9. Copy the Value, which will be used in the mail.polling.pop3.oauth2.clientSecret server setting.

  10. Click the API permissions link and then click the Add a permission button.

  11. Click the APIs my organization uses tab.

  12. Search for ‘Office 365 Exchange Online’ and select it.

  13. Select Application permissions.

  14. Expand the ‘POP’ section and check ‘POP.AccessAsApp’.

  15. Click the Add Permissions button.

Admin consent is required for this permission. Make sure to grant it by clicking the ‘Grant admin consent for …’ button. The permission's status will then show a green check mark and describe the grant.

Create Service Principal and assign mailbox permissions

You can create the Service Principal in the Azure portal using Enterprise applications.

To create Service Principal:

  1. In the Azure portal go to Enterprise applications.

  2. Search for the application name created in the prior steps and select it.

  3. Copy the Object ID, which will be used in executing the commands below.

The following steps use PowerShell to associate the registered application with the Office365 mailbox.

  1. Import-Module ExchangeOnlineManagement

  2. Connect-ExchangeOnline -UserPrincipalName <admin username>

  3. New-ServicePrincipal -AppId <Application (client) ID> -ServiceId <Object ID>

  4. Add-MailboxPermission -Identity <email address whose mailbox will be read> -User <Object ID> -AccessRights FullAccess

Set up mailbox settings

Ensure that POP is configured for the mailbox.

  1. Go to office.com and click on Admin in the sidebar.

  2. Navigate to Users > Active users.

  3. Click on the email address whose mailbox will be used.

  4. Click on Manage mail apps.

    Ensure that POP is selected.
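
A read-only check of the result of the PowerShell and mailbox steps above, as an added example that is not part of the Hexagon documentation: it confirms that the service principal exists in Exchange Online, that it holds FullAccess on the intended mailbox and on no other, and that POP is enabled. The four variable values are placeholders (assumptions) to be replaced with your own.

```powershell
# Added example: read-only verification of the configuration described above.
# The four values below are placeholders (assumptions); substitute your own.
$AdminUpn = 'admin@example.com'                      # Exchange admin account
$AppId    = '00000000-0000-0000-0000-000000000000'   # Application (client) ID
$ObjectId = '11111111-1111-1111-1111-111111111111'   # Enterprise application Object ID
$Mailbox  = 'ecosys-inbox@example.com'               # primary SMTP address of the mailbox to be read

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

$problems = @()

# 1. The service principal created with New-ServicePrincipal must exist.
$sp = Get-ServicePrincipal -Identity $ObjectId -ErrorAction SilentlyContinue
if (-not $sp) {
    $problems += "No Exchange service principal for Object ID $ObjectId (AppId $AppId)."
}

# 2. It must hold FullAccess on the target mailbox.
$perm = Get-MailboxPermission -Identity $Mailbox -User $ObjectId -ErrorAction SilentlyContinue
if (-not ($perm | Where-Object { ($_.AccessRights -join ',') -match 'FullAccess' })) {
    $problems += "Object ID $ObjectId has no FullAccess permission on $Mailbox."
}

# 3. Least privilege: it should not hold rights on any other mailbox.
#    This enumerates every mailbox and can be slow in a large tenant.
$others = Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -ne $Mailbox } |
    Get-MailboxPermission -User $ObjectId -ErrorAction SilentlyContinue
foreach ($o in $others) {
    $problems += "Unexpected rights ($($o.AccessRights -join ',')) on mailbox $($o.Identity)."
}

# 4. POP must be enabled for the mailbox (the "Manage mail apps" setting).
$cas = Get-CASMailbox -Identity $Mailbox
if (-not $cas.PopEnabled) {
    $problems += "POP is disabled for $Mailbox."
}

if ($problems.Count -eq 0) {
    Write-Output "OK: service principal, mailbox permission and POP setting match the procedure."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
}

Disconnect-ExchangeOnline -Confirm:$false
```

The script changes nothing in the tenant, so it can be re-run after any later change to the app registration or mailbox.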