What O365 config changes are needed to allow Ricoh printer to send email using OAuth?

Question

What O365 config changes are needed to allow Ricoh printer to send email using OAuth?

Janet W 20

I have spent lots of hours attempting to get our Ricoh printers to send email to our domain emails in O365 using OAuth since simple authentication (which we used for a long time) will soon be deprecated. The Ricoh MFP device firmware has been updated to authenticate using Modern Authentication & same has been configured on the device, but I still have been unsuccessful in getting it to work.

We have registered an app in Azure/Entra and modified this app registration several times including adding a Mobile & Desktop application platform URI of https://login.microsoftonline.com/common/oauth2/nativeclient; API permissions of MicrosoftGraph - User.Read & Office 365 Exchange Online - Mail.Send & SMTP.SendApp (all granted Admin Consent); Enabled "Allow Public Client flows" in Authentication Settings. Also checked & confirmed that used user account has been granted SMTP AUTH permissions (same user account that worked with simple authentication). However, no Certificate or Client Secret was configured as I wasn't sure about that.

I am very unsure of what needs fixing, and I'm not really comfortable with changing multiple settings I don't fully understand for fear of breaking something else in a production environment. We're a small, non-profit entity and I could use some help.

Questions I'm wondering about:

Are additional Redirect URIs needed?
Are additional API permissions needed?
Is the client secret required?

After following the Ricoh provided instructions for OAuth authentication from their device, it does allow me to get the needed authentication code and copy & paste it into the Microsoft page and attempt to sign in with the user account used for the printers, but that's where it stops & authentication cannot be completed. It returns an error page stating that the "App for E-mail Send" needs admin approval. I've also logged into the account at Outlook.com just to verify that it can be logged into and is handling email (which it is).

Can anyone help shed light on what's wrong? Thanks in advance.

Answer accepted by question author

1 additional answer

Your answer

Answer 1

Hi @Janet W

Thanks for reaching out to the Microsoft Q&A forum

I truly appreciate you sharing the details of your situation.

After reviewing your case and conducting further research, I found that according to Ricoh’s guidance for enabling email sending with OAuth 2.0, you do not need to register an app in the Entra Admin Center. Instead, you can simply access the Ricoh Web Image Monitor (WIM) and configure OAuth 2.0 there.

Here is how you can access WIM: undefined

Once you have access, please follow this article for the next steps: Configure OAuth 2.0 for Sending Email when using O365 SMTP - Ricoh. This will guide you through enabling OAuth 2.0.

Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

The steps provided by Ricoh align with Microsoft documentation because this process uses the device code flow, which differs from your current approach. It relies on a pre-registered application from Ricoh.

undefined

Reference: OAuth 2.0 device authorization grant - Microsoft identity platform | Microsoft Learn

I hope this helps clarify the process and supports you in resolving the issue. Please feel free to reply if you have any updates or additional questions.

Thank you for your understanding.

Update – November 30, 2025:

Thank you, @Janet W, for sharing the foundational steps to complete the process for allowing a Ricoh printer to send emails using OAuth 2.0.

Before accessing the Ricoh Web Image Monitor (WIM) to configure OAuth 2.0 for sending email using O365 SMTP, you need to enable admin consent requests. This setting allows users to request admin consent for apps they cannot approve themselves. If the reviewer is a Global Admin, they will have the ability to grant the required admin consent.

undefined

Next, make sure Authenticated SMTP is enabled in the Manage Email Apps settings for the user account that will be used to authenticate during the OAuth 2.0 configuration in WIM.

For detailed instructions, please refer to the official Ricoh guide: https://kb.gsd.ricoh.com/app/answers/detail/a_id/297331/~/how-to-scan-to-email-with-microsoft-excha…

Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Janet W 20 Reputation points

2025-11-25T17:19:23.7833333+00:00

Thank you for your reply. I had actually tried the Ricoh steps in the document you linked to prior to registering and configuring an App in Entra, but based on your reply, I went into Entra and disabled the app I had registered, then went back to WIM on the Ricoh device and followed the steps again. I can successfully complete the process through step #12 (using an active M365 email address which has SMTP AUTH enabled as the device's administrator). In Step #13, when I attempt to sign into the browser window that appears with that same user, I get an error message stating "Need admin approval" (screenshot attached). I've tried to sign in as a Global Admin in another window using the link in the first error window, but then I get a new error saying "You don't have access to this" (screenshot attached). This is as far as I can get. I receive no emails or notifications asking for permission and I've looked around in our Entra environment and cannot easily see what I'm missing. I suspect something is not configured correctly with permissions, but I'm unsure where to fix it. Or, does the Administrator address used on the printer's fields of this process need to be a global admin's address? We really didn't want to use that. Thanks again for your help. Can I provide more info to help me solve this? Your input is much appreciated.
Janet W 20 Reputation points

2025-11-25T21:55:04.9133333+00:00

I am going to answer my own question below with the solution in case it helps someone else. Thanks again.

Answer 2

Janet W 20

My issue with this is now resolved. Our local Ricoh support consultant sent me a second Knowledge Base article he found regarding the settings needed at M365/Entra to allow this flow to work. I implemented the changes in the Supplement portion of the following KB, and found that the issue was that we did not have reviewers (Global Admins) turned ON and added to receive emails to give the non-admin user/app administrator consent for authentication. Once we changed that, everything worked. Here's the article:

https://kb.gsd.ricoh.com/app/answers/detail/a_id/297331/~/how-to-scan-to-email-with-microsoft-exchange-online-oauth-2.0-authentication

Vergil-V 7,555 Reputation points Microsoft External Staff Moderator

2025-11-25T23:20:05.74+00:00

Please note that our forum is a public platform, and we will modify your image to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.
Hi @Janet W
Thank you for sharing your update.

I’m glad to hear that your issue has been resolved. With your permission, I’d like to suggest updating the steps you discovered in my original answer to complete the solution. This would allow you to mark it as the accepted answer, helping highlight the response and making it easier for other members with similar situations to find the solution.

Thank you for your time and for contributing to the community.
Janet W 20 Reputation points

2025-11-26T14:56:09.6733333+00:00

You certainly have my permission to merge the steps if you can do so, and I'll gladly come back and mark it as the solution. While your answer was all things I had done, it did provide additional information that was helpful about understanding the code flow, and knowing that I could just get rid of the created app registration and it should work. It did take the additional steps given in the Supplement Section in the link I posted from Ricoh to ultimately fix it. If my comments need deleting after you fix your reply, I can do that as well. Thanks.
Vergil-V 7,555 Reputation points Microsoft External Staff Moderator

2025-11-30T16:57:28.6066667+00:00

Hi @Janet W
Thank you for sharing.

I truly appreciate that.

First of all, please keep your answer as it provides more context and perspective for other users, and it is also valuable as your contribution to the community.

I have updated my initial response to align with your solution. If you have a moment, please review it.

Once again, thank you for your time and your contribution.

Share via

What O365 config changes are needed to allow Ricoh printer to send email using OAuth?

1 additional answer

Your answer