Send email with Microsoft (OAuth 2)
  • 12 May 2022
Article Summary

To authenticate your outgoing email connection with Microsoft OAuth 2, you need to enable the OAuth 2 plugin on your Totara site and register an application in the Microsoft Azure portal. The Azure app issues the access tokens that Totara presents to the SMTP server instead of a mailbox password.

  1. Go to the Microsoft Azure portal.
  2. Click New registration under App registrations.
  3. Give your app a name, e.g. 'Totara Email'.
  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types. If the sending mailbox will only ever belong to your own tenant, Single tenant is the more restrictive option; in that case replace 'common' in the endpoint URLs configured later with your tenant ID, because a single-tenant app is rejected at the /common endpoint.
  5. Choose Web for Redirect URI.
  6. Add your site's URL appended with /admin/oauth2callback.php to the Redirect URLs section e.g. 'https://totaralearn.com/admin/oauth2callback.php'.
  7. Click Register.
  8. Take a note of the Application (client) ID.
  9. Select Authentication from the side menu.
  10. Under Implicit grant and hybrid flows, leave both Access tokens and ID tokens unchecked. Totara uses the authorization code flow, so no token should ever be returned in the redirect URL.
  11. Select API permissions from the side menu.
  12. Ensure that the delegated permissions User.Read and SMTP.Send are listed under Office 365 Exchange Online, and add them if they are not. These are the scopes Totara requests in step 20; SMTP.Send is the Exchange Online permission for sending through SMTP AUTH, and nothing broader is needed.
  13. Select Certificates & secrets from the side menu and click New client secret.
  14. Add a description, e.g. your app name (Totara Email), and select when the secret will expire. Record the expiry date: when the secret expires, outgoing mail from Totara stops until you create a new secret and update it in the Totara OAuth 2 service.
  15. Copy the generated secret Value (not the Secret ID) for use in Totara. It is shown only once; if you navigate away without copying it, create a new secret.
  16. In Totara go to Quick-access menu > Server > OAuth 2 services.
  17. Click Create a new custom service.
  18. Enter a name, e.g. 'Microsoft Email OAuth'.
  19. Enter the Application (client) ID from the Azure portal as the Client ID and the secret value as the Secret.
  20. In Scopes included in a login request add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read
  21. In Scopes included in a login request for offline access add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read offline_access
  22. Uncheck Show on login page. Keep the email service separate from any OAuth login service: this service holds the right to send mail from a mailbox and should not also be offered to users as a way to log in.
  23. Click Save changes.
  24. Click the Configure endpoints icon for the new service.
  25. Click Create new endpoints, then add the following:

      Name                    URL
      authorization_endpoint  https://login.microsoftonline.com/common/oauth2/v2.0/authorize
      token_endpoint          https://login.microsoftonline.com/common/oauth2/v2.0/token
      userinfo_endpoint       https://outlook.office.com/api/v2.0/me/
      userpicture_endpoint    https://outlook.office.com/api/v2.0/me/photo

  26. Return to the OAuth 2 services page.
  27. Click the User field mapping icon.
  28. Click Create new user field mapping, then add the following:

      External field name   Internal field name
      DisplayName           alternatename
      EmailAddress          email

  29. Return to the OAuth 2 services page.
  30. Click the Connect to a system account icon.
  31. Click Continue.
  32. Sign in with the Microsoft account whose mailbox will send Totara's email.
  33. Accept the permissions in Microsoft.
  34. When Totara loads again, confirm that the account's email address is shown under the system account section.
  35. Go to Quick-access menu > Server > Email > Outgoing mail configuration.
  36. Change SMTP Auth Type to XOAUTH2.
  37. Change OAuth 2 Service and choose the OAuth service you just created.
  38. Set SMTP Username to the email address of the account used for sending email (the same account you connected in step 32).
  39. Set SMTP Password to any non-empty placeholder text. With XOAUTH2 the password is never sent to the server; the session is authenticated with the access token obtained through the connected system account. The field only needs to be non-blank.
  40. Click Save changes.
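The following is an added example, not Totara or Microsoft code, showing what the steps above set up on the wire: the authorization request that the Connect to a system account step hands to the browser, the refresh-token exchange that the offline_access scope makes possible, and the SASL XOAUTH2 initial response that an SMTP client sends once it holds an access token (what the XOAUTH2 auth type produces in place of a password). The endpoints and scopes are the ones configured in the steps; the SMTP host and port, the sample client ID, redirect URI and tokens are assumptions for the example.

```python
"""XOAUTH2 for Exchange Online: authorization request, token refresh and the
SMTP AUTH exchange. Added example; assumptions are marked in comments."""
import base64
import json
import smtplib
import ssl
import urllib.parse
import urllib.request

# Endpoints and scopes exactly as configured in the steps above.
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
LOGIN_SCOPES = ["https://outlook.office.com/SMTP.Send", "https://outlook.office.com/User.Read"]
OFFLINE_SCOPES = LOGIN_SCOPES + ["offline_access"]

# Assumption: Exchange Online's SMTP submission endpoint (not named on the page).
SMTP_HOST, SMTP_PORT = "smtp.office365.com", 587


def build_authorization_url(client_id, redirect_uri, scopes, state):
    """Authorization-code request (response_type=code). Because the implicit
    grant is disabled in the app registration, no token ever appears in the
    redirect URL; only a one-time code does, exchanged server-side for tokens."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),
        "state": state,  # CSRF binding; the callback must compare it to the stored value
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def refresh_access_token(client_id, client_secret, refresh_token, scopes=OFFLINE_SCOPES):
    """Exchange the refresh token (granted because offline_access was requested)
    for a fresh access token. This is what lets an unattended mail service keep
    sending after the original sign-in session has expired. Network call."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "scope": " ".join(scopes),
    }).encode()
    req = urllib.request.Request(TOKEN_ENDPOINT, data=body,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # access_token, expires_in, usually a rotated refresh_token


def xoauth2_initial_response(user, access_token):
    """SASL XOAUTH2 initial client response: 'user=' user ^A 'auth=Bearer ' token ^A^A.
    This string, not the SMTP Password field, authenticates the session."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01"


def xoauth2_initial_response_b64(user, access_token):
    """The base64 form that actually follows 'AUTH XOAUTH2 ' on the wire."""
    raw = xoauth2_initial_response(user, access_token).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_xoauth2_challenge(challenge):
    """Decode the JSON error a server sends in its 334 challenge when the token is
    rejected, e.g. {"status":"401","schemes":"Bearer","scope":"..."}."""
    try:
        return json.loads(challenge.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return {"raw": challenge.decode("utf-8", "replace")}


def make_xoauth2_authobject(user, access_token):
    """Callback in the shape smtplib.SMTP.auth() expects. On success the server
    answers 235 and the callback runs once with challenge=None. On failure the
    server sends a 334 carrying a base64 JSON error; the client must answer with
    an empty line to receive the final 535, so the callback returns "" then."""
    last_error = {}

    def authobject(challenge=None):
        if challenge is None:
            return xoauth2_initial_response(user, access_token)
        last_error["detail"] = decode_xoauth2_challenge(challenge)
        return ""

    authobject.last_error = last_error
    return authobject


def send_with_xoauth2(user, access_token, recipients, message_bytes):
    """Connect with STARTTLS, authenticate with the bearer token, send the message.
    Certificate verification uses the default trust store; never disable it, since
    the bearer token is a credential and must only reach the real server."""
    context = ssl.create_default_context()
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        smtp.ehlo()
        smtp.starttls(context=context)
        smtp.ehlo()
        authobject = make_xoauth2_authobject(user, access_token)
        try:
            smtp.auth("XOAUTH2", authobject, initial_response_ok=True)
        except smtplib.SMTPAuthenticationError as exc:
            raise RuntimeError(f"XOAUTH2 rejected: {authobject.last_error or exc}") from exc
        smtp.sendmail(user, recipients, message_bytes)
```

The user in the XOAUTH2 response must be the mailbox the token was issued for, which is why the SMTP Username in the Totara settings has to match the connected system account. A token minted for one mailbox cannot be used to send as another, regardless of what is typed into the password field.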

© Copyright 2024 Totara Learning Solutions. All rights reserved.

