
How to set up OAuth 2.0 for Outlook

Anonymous
2024-09-27T07:39:58+00:00

Hello all,

Recently we have been having issues where, when we try to transmit files over the Microsoft server with, for example, FERN or Payroll Manager, we get this error:

The SMTP server requires a secure connection or the client was not authenticated.

The server response was: 5.7.57 Client not authenticated to send mail. Error 535 5.7.139 Authentication unsuccessful, basic authentication is disabled.

This is the info we enter:

![](https://learn-attachment.microsoft.com/api/attachments/abe87269-9339-414a-a154-28a1a59a6929?platform=QnA)

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


7 answers

  1. Anonymous
    2024-10-02T14:08:36+00:00

    Hello,

    I am experiencing the same problem and can't believe there is a 16-step process to setting this up (I can't even get through number 3). Is this really the only way to enable this connection to continue?

    I have never heard of Azure AD and it seems we have to subscribe and pay a fee to use it?

    Any further help would be very much appreciated!

    1 person found this answer helpful.
  2. Anonymous
    2024-10-02T11:45:55+00:00

    Hello Eleni,

    I understand you cannot advise me on the side of FERN; however, I want to clarify something. Does the procedure you listed out for me work for apps that are not integrated/already present in Azure AD and Enterprise Apps in Entra?

    Best,

  3. Anonymous
    2024-09-27T13:27:35+00:00

    Hello Matilda,

    Thank you for providing more information. I'll guide you through the process in more detail.

    Clarifications:

    1. You're using Classic Outlook.
    2. MFA is enabled for your Microsoft account.
    3. You're likely using Microsoft 365 (M365).
    4. FERN is not configured for SMTP (you'll need to check with your IT administrator or FERN documentation).

    Azure AD and Enterprise Apps in Entra are related but distinct concepts:

    • Azure AD is Microsoft's identity and access management service.
    • Enterprise Apps in Entra (formerly Azure AD Enterprise Applications) is a portal for managing enterprise applications integrated with Azure AD.

    Azure AD and Entra ID refer to the same identity service, so you’re looking in the right place. Since FERN is not listed under Enterprise Applications, you’ll need to register it:

    To register FERN with Azure AD:

    1. Go to the Azure portal ([link unavailable]).
    2. Sign in with your Microsoft account.
    3. Navigate to Azure Active Directory > App registrations > New registration.
    4. Enter a name for your FERN application.
    5. Choose "Accounts in this organizational directory only" and select your M365 domain.
    6. Set the redirect URI (Web) to (link unavailable) and register.

    Configuring Permissions for FERN:

    1. Under Manage, click on API permissions.
    2. Click on Add a permission, select Microsoft APIs, then choose Outlook API.
    3. Add the necessary delegated permissions (e.g., Mail.ReadWrite, Mail.Send).

    Getting Client ID and Secret:

    1. Note down the Application (client) ID.
    2. Under Certificates & secrets, generate a new client secret.

    Implementing OAuth 2.0 in FERN:

    You'll need to modify FERN's configuration to use OAuth 2.0. Consult FERN's documentation or contact their support for guidance on:

    1. Implementing the OAuth 2.0 authorization flow.
    2. Using the client ID, client secret, and access token.
    3. Encoding and transmitting the access token using SASL XOAUTH2 format.

    Additional Steps:

    1. Ensure FERN is configured to use SMTP protocol.
    2. Update FERN's configuration with the client ID, client secret, and access token.

    If you're still unsure about any steps, consider consulting with your IT administrator or create a service request (Get Support - Microsoft 365 Admin | Microsoft Learn) so we can assist you further in real time.

    Thank you for your patience and cooperation. I look forward to working to resolve your issue once your service request is opened. Have a great day.

    Best regards,

    Eleni | Microsoft Community Moderator.

  4. Anonymous
    2024-09-27T11:53:25+00:00

    Hello Eleni,

    To answer your questions:

    I have Classic Outlook.

    MFA is enabled for the Microsoft account.

    I am not sure, but either Exchange or M365, probably M365.

    I am not sure how to check if FERN is configured for SMTP. I think it is possible though.

    I am not sure if Azure Active Directory is the same as Enterprise Apps in Entra, but FERN is not there.

    With this information, can you advise me in more detail?

  5. Anonymous
    2024-09-27T10:05:41+00:00

    Hello Matilda,

    Good day!

    Thanks for reaching out. I understand that you're experiencing authentication issues when transmitting files through Microsoft Server using FERN or Payroll Manager, resulting in error messages indicating that the client isn't authenticated or basic authentication is disabled. You've identified that Outlook's two-step verification, which requires a security code sent to a cell phone or another email, is likely causing the issue.

    To better understand the problem, can you please clarify:

    1. What version of Outlook do I have? - Microsoft Support
    2. Have you enabled multi-factor authentication (MFA) for your Microsoft account?
    3. Are you using Exchange, Office 365, or a different email service?
    4. Are the FERN and Payroll Manager tools configured to use SMTP or another protocol?
    5. Have you already registered your application with Azure Active Directory (Azure AD)?

    Here’s why this is happening: Microsoft has disabled basic authentication for security reasons. Instead, they recommend using OAuth 2.0, which provides a more secure way to authenticate.

    Register Your Application with Azure Active Directory (Azure AD):

    • Go to the Azure portal.
    • Select Azure Active Directory > App registrations > New registration.
    • Enter your application name.
    • Choose the supported account types.
    • Set the redirect URI (Web) to https://login.microsoftonline.com/common/oauth2/nativeclient and register.

    Configure Permissions for Your Application:

    • Under Manage, click on API permissions.
    • Click on Add a permission, select Microsoft APIs, then choose Outlook API.
    • Add the necessary delegated permissions (e.g., Mail.ReadWrite).

    Get Client ID and Secret:

    • After registration, note down the Application (client) ID.
    • Under Certificates & secrets, generate a new client secret.

    Implement OAuth 2.0 Authorization in Your App:

    • Your app must implement the OAuth 2.0 authorization flow. Redirect users to the Microsoft identity platform endpoint (https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize) with parameters like client_id, response_type (‘code’), scope (‘https://outlook.office.com/Mail.ReadWrite’), redirect_uri, etc.
    • After user consent, they will be redirected back with an authorization code.
    • Your app should then exchange this code for an access token.

    Update Your Application’s Configuration:

    • Use the client ID, client secret, and access token in your application’s configuration settings.
    • Ensure your application uses the SASL XOAUTH2 format to encode and transmit the access token.

    For more detailed instructions, you can refer to the Microsoft documentation on OAuth 2.0.

    *Note: Please understand that our initial reply may not always resolve the issue immediately. However, with your help and more detailed information, we can work together to find a solution.*

    If this issue still persists after trying the following steps, it might be best to contact your IT administrator to create a support request - Get Support - Microsoft 365 Admin | Microsoft Learn so you can get real time assistance. Our technical experts have access to advanced tools and resources that allow them to thoroughly investigate issues, collect logs, and perform remote sessions to configure your settings. This approach will provide the most effective solution. Rest assured, I will keep an eye on the progress and follow up to ensure a permanent solution office.com after you open a service request.

    Thank you for your patience and cooperation. I look forward to working to resolve your issue once your service request is opened. Have a great day.

    Best regards,

    Eleni | Microsoft Community Moderator.

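The authorization request and the SASL XOAUTH2 encoding that the two moderator answers above describe, as an added example that is not part of the thread and is not Microsoft's or FERN's code. The function names are hypothetical, and the `state` value and PKCE challenge go beyond the parameters the answer lists; `smtp` is assumed to be an `smtplib.SMTP` object.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"

def build_authorize_url(tenant, client_id, redirect_uri, scope):
    """Return (url, state, code_verifier) for an authorization-code request."""
    state = secrets.token_urlsafe(16)      # ties the redirect to this request
    verifier = secrets.token_urlsafe(48)   # PKCE secret, sent later with the code
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    return AUTHORIZE.format(tenant=tenant) + "?" + query, state, verifier

def code_from_redirect(redirect_url, expected_state):
    """Return the authorization code, refusing errors and foreign state values."""
    params = parse_qs(urlparse(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect does not belong to this request")
    return params["code"][0]

def xoauth2_string(user, access_token):
    """Base64 SASL XOAUTH2 initial response: user=<u>^Aauth=Bearer <t>^A^A."""
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character in user or token")
    raw = "user=" + user + "\x01auth=Bearer " + access_token + "\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def smtp_auth_xoauth2(smtp, user, access_token):
    """Authenticate an smtplib.SMTP-like object over STARTTLS; True on 235."""
    smtp.ehlo()
    smtp.starttls()  # the token is a bearer credential: never send it in clear
    smtp.ehlo()
    code, _ = smtp.docmd("AUTH", "XOAUTH2 " + xoauth2_string(user, access_token))
    return code == 235
```

The scope is left as a parameter: Microsoft's documentation for OAuth with IMAP, POP and SMTP names `https://outlook.office.com/SMTP.Send` as the scope for SMTP submission, so confirm which permission the app registration actually grants before testing.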