Office 365 OAuth2

Migrating to OAuth for Office 365 Mail in RunMyProcess

Microsoft is retiring Basic Authentication for Office 365. For details, see the official announcement: https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-retire-basic-auth-for-client-submission-smtp-auth/4114750

Overview

To use OAuth with the Office 365 Mail provider, you will need to change the way emails are currently sent in your workflows. This approach requires creating two connectors:

  • One connector to obtain the OAuth access token
  • One connector to send the email using that token

These connectors can be invoked either from a subprocess or via a CAPI.

Below are the steps to accomplish this.

Azure AD Setup

1. Register an Application
   Go to Azure Portal → Azure Active Directory → App registrations → New registration and select Single tenant.

2. Grant Permissions
   Go to API permissions → Add permission → Microsoft Graph → Application permissions and add Mail.Send. Then click Grant admin consent.

3. Create a Client Secret
   Go to Certificates & secrets → New client secret.

Note: The client secret has a configurable expiration time. We recommend selecting a long duration to avoid frequent updates. Copy the Value immediately after creation.

4. Retrieve Your Tenant ID
   Locate your Tenant ID on the Azure Active Directory overview page.

Get the Access Token

Token endpoint: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

Request parameters:

Response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIs..."
}

Send the Email

Use the access token in an HTTP connector to call Microsoft Graph.

Endpoint: https://graph.microsoft.com/v1.0/users/sender@yourdomain.com/sendMail

Headers:

  • Authorization: Bearer ACCESS_TOKEN
  • Content-Type: application/json

Payload:

{
  "message": {
    "subject": "Test mail",
    "body": {
      "contentType": "Text",
      "content": "Hello from raw HTTP"
    },
    "toRecipients": [
      {
        "emailAddress": {
          "address": "recipient@example.com"
        }
      }
    ]
  }
}
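
The two connector calls described above, written out in Python as an added example (not RunMyProcess or Microsoft code). The form fields in build_token_request are the standard client-credentials parameters of the Microsoft identity platform, assumed here because the request-parameter list above is empty; the function names and all tenant, client and address values are placeholders.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SEND_URL = "https://graph.microsoft.com/v1.0/users/{sender}/sendMail"

def build_token_request(tenant_id, client_id, client_secret):
    """Connector 1: client-credentials POST to the token endpoint."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",  # assumption: fields not listed on the page
        "client_id": client_id,
        "client_secret": client_secret,  # keep out of logs and source control
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe=""))
    return urllib.request.Request(url, data=form, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})

def parse_token_response(body, now=None, margin=60):
    """Validate the token JSON and compute when to stop reusing the token."""
    data = json.loads(body)
    if data.get("token_type") != "Bearer" or not data.get("access_token"):
        # Report only the error code; never echo a body that may hold a token.
        raise ValueError("token request failed: %s" % data.get("error", "unexpected response"))
    now = time.time() if now is None else now
    return {"access_token": data["access_token"],
            "expires_at": now + int(data["expires_in"]) - margin}

def build_send_mail_request(token, sender, recipient, subject, text, now=None):
    """Connector 2: Graph sendMail call with the payload shape shown above."""
    now = time.time() if now is None else now
    if token["expires_at"] <= now:
        raise ValueError("access token expired; request a new one")
    payload = {"message": {
        "subject": subject,
        "body": {"contentType": "Text", "content": text},
        "toRecipients": [{"emailAddress": {"address": recipient}}]}}
    url = SEND_URL.format(sender=urllib.parse.quote(sender, safe="@"))
    return urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST", headers={
        "Authorization": "Bearer " + token["access_token"],
        "Content-Type": "application/json"})

def send(request, timeout=10):
    """Perform either request; urlopen raises HTTPError on 4xx/5xx responses."""
    with urllib.request.urlopen(request, timeout=timeout) as resp:
        return resp.status, resp.read()
```

Reusing the parsed token until expires_at avoids a token request per email; Graph answers a successful sendMail with 202 Accepted.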

Important Note

The sender user (sender@yourdomain.com) must:

  • Have an Exchange Online mailbox
  • Be licensed (Exchange Online or Microsoft 365)