How to Set Up O365 Accounts in SmarterTrack Using OAuth

This guide details the process required to set up standard and shared O365 POP/SMTP accounts in SmarterTrack using OAuth.

The SmarterTrack OAuth integration relies on an application that is currently published to the Azure Active Directory Enterprise Apps market and can be approved during setup, or beforehand by an administrator with access to those settings. This guide is divided into two sections: standard OAuth account setup, and OAuth setup on shared mailboxes. Please note, however, that Microsoft/O365 does not support OAuth-based authentication to shared mailboxes for SMTP purposes, and authenticated SMTP is required to send ticket responses.

First, we’ll cover configuration of POP/SMTP on a standard user account on O365 that includes Exchange service access. The account used in this example is helpdesk@smartermonitor.onmicrosoft.com.  

General Prerequisites 

- You must have access to a full Organizational administrator account in O365 that includes access to admin.microsoft.com.  
- You must have access to the POP/SMTP service on the accounts you are looking to set up.
- Your SmarterTrack server must be able to reach the internet and Microsoft’s authentication servers. 
- You must be running a version of SmarterTrack that supports OAuth-based authentication.

Prerequisites - Standard Account Configuration


Prerequisites - Delegate Permissions (Shared Mailbox)


OAuth Setup – Standard Account


To begin, log in to SmarterTrack using an administrator account and navigate to Settings>Email>POP to set up the incoming account: 

1. Click Add on the POP tab.  
2. Change the Authentication drop-down menu to OAuth2. 
3. Click Connect and use the pop-up window to authenticate with your O365 account. 
4. Click Accept on the permissions page to complete the OAuth process. 
5. Select final POP account setup details such as import frequency, department, etc. and save the new account. 
6. To set up the SMTP account, you only need to repeat these steps in Settings>Email>SMTP, though the OAuth token process will complete a little quicker because SmarterTrack already has the authentication token stored.

OAuth Setup – Shared Mailbox 


Next, we’ll set up a shared mailbox scenario that involves using OAuth to authenticate with a full delegate mailbox, but pull in email from a shared mailbox. In this example we will use OAuth to authenticate with a primary helpdesk@smartermonitor.onmicrosoft.com account that has both Send As and Full Access permissions to a shared mailbox called support-smartertrack@smartermonitor.onmicrosoft.com, as seen below:

Before we begin, it is important to note once again that Microsoft’s current OAuth implementation only supports POP access to shared mailboxes. SMTP access to shared mailboxes will still require standard basic SMTP authentication, which will need to be enabled explicitly for the required accounts, and requires that the user/shared mailbox has been assigned an Exchange-capable license in O365. In some cases it has been possible to set a password for a shared mailbox and then authenticate via OAuth directly to the shared mailbox, but Microsoft has explicitly stated this is not supported and may be removed in the future as it is unintended.

Once the shared mailbox permissions are set up and Authenticated SMTP has been enabled for it, go ahead and log in to SmarterTrack as an administrator and navigate to Settings>Email>POP to get started:

1. Click Add on the POP tab.  
2. Change the Authentication drop-down menu to OAuth2. 
3. Click Connect and use the pop-up window to authenticate with the main (standard account) O365 account that has Send As permissions for your shared mailbox.
4. Click Accept on the permissions page to complete the OAuth process. 
5. Change the Email Address field to match your shared mailbox address. 
6. Select final POP account setup details such as import frequency, department, etc. and save the new account. 

Now, because SMTP is not supported on shared mailboxes we’ll need to set that up a little differently, though the basic concept is essentially the same. To do this, we’ll be setting up an SMTP account configured to authenticate with the primary account, but send email as the shared mailbox. The following permissions must be enabled for the shared mailbox in O365:

To start, navigate to Settings>Email>SMTP and use these steps to complete the setup:

1. Click Add to create a new SMTP account. 
2. Fill out the Server address (smtp.office365.com), Auth Username and Auth Password (primary account details).
3. Change the Email Address field to match the shared mailbox address. 
4. Complete other fields and settings then save the new SMTP account.  
5. Edit your department settings to use the newly created SMTP account.  
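
The Exchange Online side of the shared-mailbox setup can be audited from PowerShell before touching SmarterTrack. The script below is an added example, not part of the original guide or of SmarterTrack; it assumes the ExchangeOnlineManagement module is installed, uses the two addresses from this guide, and assumes SMTP AUTH is checked on the primary account because that is the account the SMTP steps authenticate with.

```powershell
# Added example: audit the Exchange Online prerequisites this guide relies on.
# Addresses are the ones used in this guide; replace them with your own.
$Delegate  = 'helpdesk@smartermonitor.onmicrosoft.com'
$Shared    = 'support-smartertrack@smartermonitor.onmicrosoft.com'
$Remediate = $false   # set to $true to apply the fixes at the bottom

Connect-ExchangeOnline -ShowBanner:$false

# Full Access lets the delegate's OAuth token open the shared mailbox over POP.
$fullAccess = Get-MailboxPermission -Identity $Shared -User $Delegate |
    Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.Deny }

# Send As lets mail submitted by the delegate carry the shared address as From.
$sendAs = Get-RecipientPermission -Identity $Shared -Trustee $Delegate |
    Where-Object { $_.AccessRights -contains 'SendAs' -and $_.AccessControlType -eq 'Allow' }

# Protocol switches on the account that actually authenticates.
$cas = Get-CASMailbox -Identity $Delegate

# A per-mailbox value of $null means "inherit the tenant-wide setting".
$tenantSmtpDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
$smtpDisabled = if ($null -ne $cas.SmtpClientAuthenticationDisabled) {
    $cas.SmtpClientAuthenticationDisabled
} else {
    $tenantSmtpDisabled
}

[pscustomobject]@{
    FullAccessGranted = [bool]$fullAccess
    SendAsGranted     = [bool]$sendAs
    PopEnabled        = $cas.PopEnabled
    SmtpAuthEnabled   = -not $smtpDisabled
} | Format-List

if ($Remediate) {
    if (-not $fullAccess) {
        Add-MailboxPermission -Identity $Shared -User $Delegate -AccessRights FullAccess -InheritanceType All
    }
    if (-not $sendAs) {
        Add-RecipientPermission -Identity $Shared -Trustee $Delegate -AccessRights SendAs -Confirm:$false
    }
    if (-not $cas.PopEnabled) { Set-CASMailbox -Identity $Delegate -PopEnabled $true }
    # Per-mailbox override: the tenant-wide default stays as it is for everyone else.
    if ($smtpDisabled) { Set-CASMailbox -Identity $Delegate -SmtpClientAuthenticationDisabled $false }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Enabling SMTP AUTH with `Set-CASMailbox` on the one account, rather than changing the organization-wide setting, limits the legacy protocol to the mailbox that needs it.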

 

Feedback

The SMTP instructions are incorrect. When using username/password auth, SmarterTrack is unable to connect (even when using an app-password). Probably this instruction was written when username/password authentication was still allowed.

When connecting via OAuth the authenticated user is set as the FROM address, and the address field is read-only. However, then you're sending as the authenticated user which is undesirable. *However* if you change the e-mail address in the SmtpAccounts table in the database manually and then restart SmarterTrack, the e-mails are coming from the expected e-mail address just fine!

Sebastiaan Dammann (11/16/2022 at 3:28 AM)