In This Manual
This document describes the steps required to configure PAL to integrate with OAuth for sending email messages from a system account. The configuration process consists of three main phases:
Register Application: Register the application in the Azure Portal
Create Client Secret: Generate a client secret in the Azure Portal for OAuth authentication
API Permissions: Assign the required API permissions to allow email delivery
Prerequisites
The following prerequisites must be met before beginning the OAuth configuration:
OAuth configuration must be performed by a system administrator with sufficient permissions and familiarity with Azure and Office 365
An Exchange mailbox must be created in Office 365 prior to configuration (for example, noreply@Casepointtech.com). This mailbox is used as the sender address for all systemgenerated email messages from PAL and is required to complete the setup
Application Registration
The first step in the OAuth configuration process is to register the application in Azure. Complete the following steps:
Log in to the Azure Portal (https://portal.azure.com) using the Exchange mailbox created for the PAL system account.
Navigate to App registrations and select New registration. The Register an application page is displayed.
Enter a name for the application in the Name field.
Under Supported account types, the default option is selected automatically. Modify this selection if required based on your organization’s configuration.
In the Redirect URI section, enter the following value: <Application Admin URL>/connectors/SMTP.aspx, where <Application Admin URL> represents your application’s administrative URL.
Click Register to create the application.
After registration is complete, the Application (client) ID and Directory (tenant) ID are displayed. Copy and save both values for later use.
Access General Settings
The Mail Server Configuration section is displayed
In the OAuth Client ID field, enter the Application (client) ID obtained in step 7.
In the Tenant ID field, enter the Directory (tenant) ID obtained in step 7.
In the Email Address field, enter the email address of the system account used for this configuration (for example, noreply@ains.com).
12.Click Save to apply the changes.
Client Secret Creation
After registering the application, create a client secret by completing the following steps:
In the Azure Portal, open the registered application and navigate to Certificates & secrets.
Click New client secret.
On the Add a client secret page, enter a description for the secret. This description is for administrative reference only.
Use the Expires field to select an expiration date based on your organization’s security requirements (up to a maximum of 24 months).
NOTE: Record the expiration date. The client secret must be renewed before it expires to avoid service disruption.
Click Add to generate the client secret.
Once generated, the client secret is displayed.
Copy the Value field and store it securely.
NOTE: This value cannot be retrieved again after you leave the page.
Access Mail Server Configuration from General Settings.
Paste the copied value into the Secret Key field.
Click Save to apply the changes.
API Permissions Configuration
The final step in enabling OAuth authentication is configuring the required API permissions:
In the Azure Portal, open the registered application and select API permissions.
Click Add a permission.
On the Request API permissions page, select Microsoft Graph.
Choose Application permissions.
In the Select permissions field, enter mail.
Expand Mail permissions and select Mail.Send.
Click Add permissions to apply the selection.
An administrator must grant consent for the requested permissions. Once approval is granted, the system account mailbox is authorized to send email messages using OAuth authentication.