About Office 365 OAuth Configuration
In This Manual
This manual contains steps to configure eCASE to integrate with OAuth for sending emails from a system account. The steps to complete this configuration take place in three parts:
Register Application: Register your application through the Azure Portal.
Create Client Secret: Using the Azure Portal, create a Client Secret you will use for OAuth configuration.
API Permissions: Add appropriate API permissions to permit sending emails.
Prerequisites
The following are prerequisites for completing OAuth configuration:
OAuth configuration should be completed by a system administrator with the appropriate knowledge and access to complete all required steps.
Before beginning the configuration, you must create an Exchange mailbox in Office 365 (ex. noreply@Casepointtech.com). This email appears as the sender for all system messages from eCASE and is used to complete the configuration.
Register Application
The first step in OAuth configuration is to register your app. Follow the steps below to register the app in Azure:
Log in to portal.azure.com using the Exchange mailbox created as the eCASE system account.
Click App Registrations > New Registration. The Register an application screen appears:
Enter a (A) Name for the app in the field provided.
Under (B) Supported account types, the top option is selected by default. You may need to make a different selection depending on your organization’s needs.
Under (C) Redirect URL, enter “<Application Admin URL>/connectors/SMTP.aspx” where <Application URL> is replaced with your application’s admin URL.
Click Register to register the app.
The app is registered. The screen displays the (A) Application (client) ID and (B) Directory (tenant) ID. Copy both to your clipboard or otherwise save for later reference:
Register Application
Access eCASE Administration (eCASE > Settings > Connectors > eMail (SMTP)). The configuration screen appears as shown below:
Under (A) OAuth Client ID, enter the Application (client) ID from step 7.
Under (B) Tenant ID, enter the Directory (tenant) ID from step 7.
In the User Name field, enter the email address being used as the system account for this configuration (ex. noreply@ains.com).
Click Save to save the changes.
Create Client Secret
Next, you’ll follow the steps below to create a new Client Secret:
Within the Azure Portal, access your application, then access the Certificates & Secrets screen.
Click New Client Secret:
The Add a client secret screen appears. First enter a Description in the field provided. This is an internal description that is visible only to Admin users:
Use the Expires field to determine an expiration date based on your organization’s preference (with a 24-month maximum).
NOTE: Take a note of this expiration date, as this Client Secret will need to be renewed prior to the expiration for continuous operation.
Click Add to generate the Client Secret.
The Client Secret is successfully generated, and the secret appears as shown in the example below:
NOTE: Save the “Value” as this cannot be retrieved. You will need this to complete the configuration.
Copy the Value field to your clipboard.
Access eCASE Administration (eCASE > Settings > Connectors > eMail (SMTP)).
Copy the value obtained in step 7 into the Public Key (secret) field:
Click Save to save the changes.
API Permissions
The final step to enable OAuth is configuring API permissions:
Open the Azure Portal and access your application page, then click API permissions:
From the API Permissions screen click Add a Permission.
The Request API Permissions screen appears. Click Microsoft Graph:
Next click Application Permissions.
In the Select Permissions field, type “mail”.
Locate and expand the Mail permissions, then select Mail.Send:
Click Add Permissions to apply the selected permission.
The Administrator must grant these permissions. The Admin receives a notification to grant the requested permission and, once this permission is granted, the mailbox can send mail from the system account.