How to send email via Azure AD authentication

Veera Anjani Kumar Valivarthi 0 Reputation points
2023-03-28T04:53:11.53+00:00

I need a solution for an app (Java J2EE application) to send email without a user login (to any email address inside and outside the organisation).

The suggestion from various groups is to use Azure AD with shared mailbox in O365 and necessary permissions.

Could someone please provide a step-by-step guide on how/what needs to be done to achieve this? I would appreciate it if you could provide any git location if this has already been done!

There is confusion about SAML2/OpenID. What is required?

Please note this is a backend application only and no user is involved!


2 answers

  1. Shweta Mathur 30,101 Reputation points Microsoft Employee
    2023-03-28T08:35:45.9133333+00:00

    Hi @Veera Anjani Kumar Valivarthi ,

    Thanks for reaching out.

    I understand you are trying to send email via Azure AD without a user login.

    For this, you first need to register your application in Azure Active Directory and then get an access token with the required permissions to send the mail using the client credential flow (which does not require a user login).

    To get the permissions in the access token, assign the application permission 'Mail.Send' to your registered application and grant admin consent for the permission.


    Use the client credential flow which does not require user interaction to get the access token.


    You can validate the access token using jwt.ms to check the required roles.


    Then you can pass the access token as a bearer token in the Authorization header to call the Graph API endpoint https://graph.microsoft.com/v1.0/users/{userId}/sendMail to send to any email address.


    As for SAML2/OpenID, these protocols are used for user authentication. Since you are sending emails without requiring user authentication, you do not need to use SAML2 or OpenID in this scenario.

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.
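The three steps in this answer (client credential token request, checking the token's roles as jwt.ms would, and the sendMail call with a bearer header), as an added example that is not part of the original answer or of any Microsoft sample, written in Python rather than the asker's Java. The token check only decodes the payload and inspects the `aud`, `roles` and `exp` claims; it does not verify the signature, which is the job of Microsoft Graph as the resource server, so treat it as a diagnostic like jwt.ms. The sample token is constructed and unsigned, and all function names are my own.

```python
import base64
import json
import time
import urllib.parse

GRAPH_AUDIENCE = "https://graph.microsoft.com"
# Microsoft Graph's application ID, which also appears as the aud claim in some tokens.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"


def token_request_body(client_id, client_secret):
    """Form body for the v2.0 client credentials grant, POSTed to
    https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token.
    The /.default scope asks for every application permission the app
    has been granted admin consent for (e.g. Mail.Send)."""
    return urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_AUDIENCE + "/.default",
        "grant_type": "client_credentials",
    })


def _b64url_decode(segment):
    # JWT segments drop the base64 padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_claims(access_token):
    """Return the payload claims of a compact JWT WITHOUT signature verification."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_mail_send_token(access_token, now=None):
    """Return a list of problems (empty means the token looks usable for sendMail)."""
    claims = decode_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") not in (GRAPH_AUDIENCE, GRAPH_APP_ID):
        problems.append("aud is not Microsoft Graph")
    # Application permissions show up in 'roles'; delegated ones would be in 'scp'.
    if "Mail.Send" not in claims.get("roles", []):
        problems.append("roles lacks Mail.Send: permission not assigned or admin consent missing")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def send_mail_request(access_token, sender_id, to, subject, text, save_to_sent_items=False):
    """Build (url, headers, body) for POST /v1.0/users/{id}/sendMail."""
    url = f"{GRAPH_AUDIENCE}/v1.0/users/{urllib.parse.quote(sender_id)}/sendMail"
    headers = {
        "Authorization": "Bearer " + access_token,
        "Content-Type": "application/json",
    }
    body = {
        "message": {
            "subject": subject,
            "body": {"contentType": "Text", "content": text},
            "toRecipients": [{"emailAddress": {"address": a}} for a in to],
        },
        "saveToSentItems": save_to_sent_items,
    }
    return url, headers, body


def make_unsigned_token(claims):
    """CONSTRUCTED sample token for offline testing; the signature segment is a placeholder."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".placeholder"


if __name__ == "__main__":
    sample = make_unsigned_token({"aud": GRAPH_AUDIENCE, "roles": ["Mail.Send"], "exp": 2000000000})
    print(check_mail_send_token(sample))
    print(send_mail_request(sample, "shared-mailbox@example.com", ["someone@example.org"], "Hi", "Hello")[0])
```

In a real deployment the body from `token_request_body` is sent with `requests.post` or `urllib.request`, and the tuple from `send_mail_request` is likewise posted; the checks in `check_mail_send_token` are what you would otherwise read off jwt.ms when Graph answers 403.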

  2. CarlZhao-MSFT 43,491 Reputation points
    2023-03-29T08:40:04.0066667+00:00

    Hi @Veera Anjani Kumar Valivarthi

    I know from your context that you are trying to send email on behalf of a user in the tenant. If you need some examples, then please refer to my sample code (using the Graph Java SDK).

    Download dependencies (latest version) via Maven:

    <dependency>
        <groupId>com.microsoft.graph</groupId>
        <artifactId>microsoft-graph</artifactId>
        <version>5.51.0</version>
    </dependency>
    <dependency>
        <groupId>com.azure</groupId>
        <artifactId>azure-identity</artifactId>
        <version>1.8.1</version>
    </dependency>

    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
    import com.microsoft.graph.models.BodyType;
    import com.microsoft.graph.models.EmailAddress;
    import com.microsoft.graph.models.ItemBody;
    import com.microsoft.graph.models.Message;
    import com.microsoft.graph.models.Recipient;
    import com.microsoft.graph.models.UserSendMailParameterSet;
    import com.microsoft.graph.requests.GraphServiceClient;
    import okhttp3.Request;

    import java.util.Arrays;
    import java.util.LinkedList;
    import java.util.List;

    public class SendMailApp {

        public static void main(String[] args) {
            // App registration values; read from the environment rather than hard-coding the secret.
            final String clientId = System.getenv("AZURE_CLIENT_ID");
            final String clientSecret = System.getenv("AZURE_CLIENT_SECRET");
            final String tenant = System.getenv("AZURE_TENANT_ID");

            // Client credential flow: /.default requests the application permissions
            // already granted admin consent (Mail.Send).
            final List<String> scopes = Arrays.asList("https://graph.microsoft.com/.default");

            final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
                    .clientId(clientId)
                    .clientSecret(clientSecret)
                    .tenantId(tenant)
                    .build();

            final TokenCredentialAuthProvider tokenCredentialAuthProvider =
                    new TokenCredentialAuthProvider(scopes, clientSecretCredential);

            final GraphServiceClient<Request> graphClient = GraphServiceClient
                    .builder()
                    .authenticationProvider(tokenCredentialAuthProvider)
                    .buildClient();

            Message message = new Message();
            message.subject = "Meet for lunch?";
            ItemBody body = new ItemBody();
            body.contentType = BodyType.TEXT;
            body.content = "The new cafeteria is open.";
            message.body = body;

            // "To" recipient
            LinkedList<Recipient> toRecipientsList = new LinkedList<Recipient>();
            Recipient toRecipient = new Recipient();
            EmailAddress toAddress = new EmailAddress();
            toAddress.address = "email address";
            toRecipient.emailAddress = toAddress;
            toRecipientsList.add(toRecipient);
            message.toRecipients = toRecipientsList;

            // "Cc" recipient
            LinkedList<Recipient> ccRecipientsList = new LinkedList<Recipient>();
            Recipient ccRecipient = new Recipient();
            EmailAddress ccAddress = new EmailAddress();
            ccAddress.address = "email address";
            ccRecipient.emailAddress = ccAddress;
            ccRecipientsList.add(ccRecipient);
            message.ccRecipients = ccRecipientsList;

            boolean saveToSentItems = false;

            // Send as the mailbox user ("user id" is the object id or UPN of the sending mailbox).
            graphClient.users("user id")
                    .sendMail(UserSendMailParameterSet
                            .newBuilder()
                            .withMessage(message)
                            .withSaveToSentItems(saveToSentItems)
                            .build())
                    .buildRequest()
                    .post();
        }
    }


    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

    1 person found this answer helpful.
