Send email with Microsoft (OAuth 2)
- 12 May 2022
To use Microsoft OAuth 2 authentication for your email connection, enable the OAuth 2 plugin on your Totara site, then go to the Microsoft developer console to configure authentication.
- Go to the Microsoft Azure portal.
- Click New registration under App registrations.
- Give your app a name, e.g. 'Totara Email'.
- Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types.
- Choose Web for Redirect URI.
- Add your site's URL appended with /admin/oauth2callback.php to the Redirect URLs section, e.g. 'https://totaralearn.com/admin/oauth2callback.php'.
- Click Register.
- Take a note of the Application (client) ID.
- Select Authentication from the side menu.
- Ensure that the Implicit grant settings are disabled.
- Select API permissions from the side menu.
- Ensure that the User.Read and Mail.Send permissions are available under Office 365 Exchange Online. If they are not, add them.
- Select Certificates & secrets from the side menu and click New client secret.
- Add a description, e.g. your app name (Totara Email), and select when the password/secret will expire.
- Copy the generated secret string value for use in Totara.
- In Totara go to Quick-access menu > Server > OAuth 2 services.
- Click Create a new custom service.
- Enter a name, e.g. 'Microsoft Email OAuth'.
- Enter the password generated in the Microsoft Azure portal as the Secret and the application ID as the Client ID.
- In Scopes included in a login request add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read
- In Scopes included in a login request for offline access add the following: https://outlook.office.com/SMTP.Send https://outlook.office.com/User.Read offline_access
- Uncheck Show on login page (it is recommended that you do not mix the email and login OAuth services).
- Click Save changes.
- Click the Configure endpoints icon for the new service.
- Click Create new endpoints, then add the following:
Name | URL |
---|---|
authorization_endpoint | https://login.microsoftonline.com/common/oauth2/v2.0/authorize |
token_endpoint | |
userinfo_endpoint | |
userpicture_endpoint |
- Return to the OAuth 2 services page.
- Click the User field mapping icon.
- Click Create new user field mapping, then add the following:
External field name | Internal field name |
---|---|
DisplayName | alternatename |
EmailAddress |
- Return to the OAuth 2 services page.
- Click the Connect to a system account icon.
- Click Continue.
- Sign in with your Microsoft email account that is used for your Totara email service.
- Accept the permissions in Microsoft.
- When Totara loads again, confirm that your email shows under the system account section.
- Go to Quick-access menu > Server > Email > Outgoing mail configuration.
- Change SMTP Auth Type to XOAUTH2.
- Set Oauth2 Service to the OAuth service you just created.
- Set SMTP Username to the email of the account used for sending email.
- Set SMTP Password to any random text. It must not be blank, but otherwise, it does not matter.
- Click Save changes.
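The following is an added example, not Totara's own code. It shows the two protocol messages this configuration produces: the authorization-code request built from the endpoint, scopes and callback path above, and the SASL XOAUTH2 string sent to the SMTP server, which carries the SMTP Username and a bearer token but has no password field. The client ID, state, mailbox and token are constructed placeholders.

```python
import base64
from urllib.parse import urlencode

# Values taken from the steps above.
AUTHORIZATION_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
LOGIN_SCOPES = [
    "https://outlook.office.com/SMTP.Send",
    "https://outlook.office.com/User.Read",
]
OFFLINE_SCOPES = LOGIN_SCOPES + ["offline_access"]
CALLBACK_PATH = "/admin/oauth2callback.php"


def authorization_url(client_id, site_url, state, offline=True):
    """Build the authorization-code request for the system account sign-in.

    response_type is always "code", which matches an app registration
    that has the implicit grant settings disabled.
    """
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": site_url.rstrip("/") + CALLBACK_PATH,
        "scope": " ".join(OFFLINE_SCOPES if offline else LOGIN_SCOPES),
        "state": state,  # anti-CSRF value, checked when the callback returns
    }
    return AUTHORIZATION_ENDPOINT + "?" + urlencode(params)


def xoauth2_initial_response(smtp_username, access_token):
    """Encode the SASL XOAUTH2 string sent after "AUTH XOAUTH2".

    The format has a mailbox and a bearer token but no password field.
    """
    raw = f"user={smtp_username}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Constructed placeholders, not real credentials.
    print(authorization_url("00000000-0000-0000-0000-000000000000",
                            "https://totaralearn.com", "constructed-state"))
    print("AUTH XOAUTH2", xoauth2_initial_response("noreply@example.com",
                                                   "constructed-access-token"))
```

The redirect_uri in the request has to match the value registered in Azure exactly, so comparing the two is a quick first check when the system account sign-in fails.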
© Copyright 2023 Totara Learning Solutions. All rights reserved.