Send email with Microsoft (OAuth 2)
  • 05 Jun 2024


To use Microsoft OAuth 2 authentication for your email connection, enable the OAuth 2 plugin on your Totara site and configure authentication in the Microsoft developer console.

  1. Go to the Microsoft Azure portal.
  2. Click New registration under App registrations.
  3. Give your app a name, e.g. 'Totara Email'.
  4. Select Accounts in any organizational directory (Any Azure AD directory - Multitenant) for Supported account types.
  5. Choose Web for Redirect URI.
  6. Add your site's URL, with /admin/oauth2callback.php appended, to the Redirect URLs section, e.g. 'https://totaralearn.com/admin/oauth2callback.php'.
  7. Click Register.
  8. Take a note of the Application (client) ID.
  9. Select Authentication from the side menu.
  10. Ensure that the Implicit grant settings are disabled.
  11. Select API permissions from the side menu.
  12. Ensure that the SMTP.Send and offline_access permissions are available under Microsoft Graph. If they are not, add them as delegated permissions.
  13. Select Certificates & secrets from the side menu and click New client secret.
  14. Add a description, e.g. your app name (Totara Email), and select when the password/secret will expire.
  15. Copy the generated secret string value for use in Totara.
  16. In Totara go to Quick-access menu > Server > OAuth 2 > OAuth 2 consumer details.
  17. Click Create a new custom service.
  18. Enter a name, e.g. 'Microsoft Email OAuth'.
  19. Enter the password generated in the Microsoft Azure portal as the Secret and the application ID as the Client ID.
  20. In Scopes included in a login request enter any value. This field is not used, but a value must be provided.
  21. In Scopes included in a login request for offline access add the following:
    https://outlook.office.com/SMTP.Send offline_access
  22. Uncheck Show on login page (it is recommended that you do not mix the email and login OAuth services).
  23. Click Save changes.
  24. Click the Configure endpoints icon for the new service.
  25. Click Create new endpoints, then add the following:
    Name                     URL
    authorization_endpoint   https://login.microsoftonline.com/common/oauth2/v2.0/authorize
    token_endpoint           https://login.microsoftonline.com/common/oauth2/v2.0/token

  26. Return to the OAuth 2 services page.
  27. Click the Connect to a system account icon.
  28. Click Continue.
  29. Sign in with your Microsoft email account that is used for your Totara email service.
  30. Accept the permissions in Microsoft.
  31. Go to Quick-access menu > Server > Email > Outgoing mail configuration.
  32. Change SMTP Auth Type to XOAUTH2.
  33. Change Oauth2 Service and choose the OAuth service you just created.
  34. Set SMTP Username to the email of the account used for sending email.
  35. Set SMTP Password to any random text. It must not be blank, but otherwise, it does not matter.
  36. Click Save changes.
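
The following Python sketch is an added example, not Totara's code and not part of the original article. It checks the Redirect URI and offline-access scope values entered above, builds a standard OAuth 2 authorization-code request for the authorization_endpoint, and constructs the SASL XOAUTH2 string an SMTP client sends, which carries the SMTP Username and the access token rather than the SMTP Password. The function names, the client ID, the state value and the token are constructed placeholders; the https check is an assumption of this example, not a rule stated in the article.

```python
import base64
from urllib.parse import urlencode, urlparse

AUTHORIZE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
REQUIRED_SCOPES = {"https://outlook.office.com/SMTP.Send", "offline_access"}
CALLBACK_PATH = "/admin/oauth2callback.php"


def check_config(redirect_uri, scopes):
    """Return a list of problems with the Redirect URI and offline-access scopes."""
    problems = []
    parsed = urlparse(redirect_uri)
    if parsed.scheme != "https":  # assumption of this example: require TLS
        problems.append("redirect URI is not https")
    if not parsed.path.endswith(CALLBACK_PATH):
        problems.append("redirect URI does not end with " + CALLBACK_PATH)
    for scope in sorted(REQUIRED_SCOPES - set(scopes.split())):
        problems.append("missing scope: " + scope)
    return problems


def authorization_url(client_id, redirect_uri, scopes, state):
    """Authorization-code request: response_type=code, so implicit grant can stay off."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scopes,
        "state": state,  # anti-CSRF value, checked again on the callback
    })
    return AUTHORIZE + "?" + query


def xoauth2_response(smtp_username, access_token):
    """SASL XOAUTH2 initial response: the bearer token replaces the password."""
    raw = "user=" + smtp_username + "\x01auth=Bearer " + access_token + "\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    uri = "https://totaralearn.com/admin/oauth2callback.php"
    scopes = "https://outlook.office.com/SMTP.Send offline_access"
    print(check_config(uri, scopes))
    # Constructed placeholder values, not real credentials.
    print(authorization_url("00000000-0000-0000-0000-000000000000", uri, scopes, "abc123"))
    print(xoauth2_response("mailer@example.com", "PLACEHOLDER_ACCESS_TOKEN"))
```

Because the user field is part of the authenticated string, the SMTP Username has to be the mailbox of the account that was connected as the system account.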

© Copyright 2024 Totara Learning Solutions. All rights reserved.