Setting up mailboxes for OAuth 2.0 authorization
Starting with version 8.5.107.xx, E-mail Server supports the OAuth 2.0 authorization protocol.
To set up mailboxes using the OAuth 2.0 authorization protocol:
- Follow all the steps as described in Microsoft Azure documentation to create an Azure application for the mailbox(es) that will be accessed by Genesys E-mail Server. Note that a single Azure application can support all mailboxes for the same company.
- In step 6 [where is step 6? I didn't see it],
- Select Accounts in any organizational directory (Any Azure AD directory – Multitenant).
- Leave the Redirect URI empty.
After the application is created, it should look similar to this (click to expand it):
Where, esj_office365_imap is the Azure application name. Pay attention to the Application (client) ID and the Directory (tenant) ID, which you will use later in the configuration.
If you open the Supported account types and Redirect URIs, it should look similar to this:
The Application ID URI should be empty:
Add Application Permissions
Read through this Permissions and consent in the Microsoft identity platform endpoint article to understand permissions and consent.
This is a good reference document Configure permissions for Microsoft Graph, although it focuses on getting permission for the Graph API. For IMAP and EWS, the application must have the following permissions granted by the Company Admin depending on the email protocols used:
(To confirm if SMTP is needed and POP3) - [Is this a step?]
Mailbox Setup
The mailbox has the following special settings in the company’s system:
- Mult-factor authentication is disabled on the mailbox.
- The IMAP protocol is enabled (if IMAP is used).
- The POP3 protocol is enabled (if POP3 is used).
- No need for the EWS protocol.