Click here to see other types of OAuth2 configurations, or follow this tutorial for a detailed step-by-step guide.
Setting up MS Graph API integration with EmailEngine
Follow these steps to integrate Outlook and MS365 email accounts with EmailEngine using OAuth2 and Microsoft Graph API:
Open Azure Portal
Go to the Azure Portal, where you will manage all settings and configurations for your Microsoft Graph API integration.Navigate to Microsoft Entra ID → App Registrations
This is where you will register your app in Azure. App registration allows your app to access Microsoft services like MS Graph for email accounts.Create a new app registration
Registering a new application creates a unique identity for your app, enabling it to access MS Graph API securely and interact with users' email accounts.Select a suitable Supported accounts type
Choose the appropriate account type based on your needs. To allow broader access, choose Accounts in any org and personal accounts, which supports both Microsoft 365 and personal Outlook accounts.Set the Redirect URI
Select Web as the platform and use your EmailEngine URL with the/oauth
path (e.g.,https://your-emailengine-url.com/oauth
). This allows Azure to send the OAuth2 response back to EmailEngine after successful authentication.Copy the Application (client) ID
In the application's overview page, find the Application (client) ID. This ID will be used as the Azure Application Id in EmailEngine’s OAuth form when configuring the Outlook integration.Add API Permissions
Navigate to API Permissions and click Add a permission. This step grants your app the necessary access to interact with users' Outlook and MS365 email accounts.Enable Microsoft Graph Permissions
- Select Microsoft Graph → Delegated permissions.
- Search for and enable the following permissions to allow your app to interact with the user's email:
- If you want to use IMAP and SMPT as the base scopes:
- IMAP.AccessAsUser.All (for IMAP access)
- SMTP.Send (for sending emails via SMTP)
- offline_access (for long-term access to accounts)
- If you want to use MS Graph API as the base scope:
- User.Read (for reading account properties)
- Mail.ReadWrite (for reading emails)
- Mail.Send (for sending emails)
- offline_access (for long-term access to accounts)
Create a client secret
Navigate to Certificates & Secrets and create a new client secret. The client secret is used by your app to authenticate with Azure. Choose an expiration period you are comfortable with. Note that once the secret expires, you'll need to generate a new one and update it in EmailEngine.Copy the client secret value
Once the client secret is generated, make sure to copy the Value of the secret (not the Secret ID). This value will be used as the Client Secret in EmailEngine's OAuth configuration.Create a new Outlook application in EmailEngine
Open EmailEngine and create a new Outlook OAuth2 application. This will establish the connection between EmailEngine and the Microsoft Graph API.Use the Application ID in EmailEngine
In the OAuth2 application form in EmailEngine, use the Application ID (from Azure’s dashboard) as the Azure Application Id.Use the client secret in EmailEngine
In the EmailEngine form, use the client secret value (the one you copied earlier) as the Client Secret. This allows EmailEngine to authenticate with Azure and access Outlook email accounts.Set the supported account types
In EmailEngine, set the Supported account types value. The option Common corresponds to the Accounts in any org and personal accounts option you selected during the Azure app registration process.Register the app in EmailEngine
Click Register app in EmailEngine to complete the integration. Your app is now configured to use the Microsoft Graph API for accessing Outlook and MS365 email accounts via IMAP and SMTP.