- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎01-28-2020 10:15 AM
Hello Community,
Has anyone had any success connecting their instance mail account to a Azure cloud hosted Office365 IMAP or SMTP server while using Oauth 2.0 for authentication? I've followed the docs (steps below) and gotten as far as getting an access token returned, but the "Test Connection" still fails authentication. I suspect the problem may be with the Oauth scopes I'm requesting and/or some setup missing on the Office365 side. The problem is the docs aren't very specific to Office365, and I can't find any definitive walk-thrus on the Office365 side in terms of setting up the application there (and not a lot on Communities dealing with Oauth and IMAP/SMTP). Add to that a basic lack of detailed debugging (why was the authentication failed?) and I'm stuck.
Thanks in advance,
Davin
These are the steps taken (referencing https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/administer/notification/task/t_SetUpOAuth2ForEmail.html )
First installed the "Email - OAUTH support for IMAP and SMTP" plugin, then:
1. In the Azure Office 365 side created an application scope for the ServiceNow instance including the redirect URI for the instance. Also obtained the Client ID, Client Secret, authorization URLs needed for next step.
2. In the instance, created an System Oauth > Application Registry entry for the Office 365 instance.
3. Created Oauth Entity Profile and scopes under the Application Registry. I'm using: Mail.ReadWrite, profile, email, Mail.Send, openid, offline_access for scopes
4. Created an entry in System Mailboxes > Email Accounts for IMAP and SMTP services, selecting Oauth 2.0 as auth type and the right application scope
5. Clicked the "Authorize Email Account Access" button. Entered the Office 365 user credentials in the tab that opened and authorized access. When the email account screen refreshes, I noted a message about Oauth Refresh Token expiring soon.
6. Noted that a new record is created in System Oauth > Manage Tokens. So it's clearly communicating!
7. Clicking the Test Connection link results in authentication failed: (Account name: Office 365 IMAP, Type: imap, sys_id: f25687e51be6401409114229bc4bcbb0) Email account connection test completed with result: error, msg: Connection failed: AUTHENTICATE failed. (screenshot).
Solved! Go to Solution.
- 20,777 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-02-2020 08:31 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-03-2020 09:55 AM
I'm trying to figure out a very similar issue with this integration. By chance did you figure it out on your own?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-06-2020 10:15 AM
Thanks,
Davin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-10-2020 12:13 AM
The token you have generated, for what scope it is?
I have similar issue and open ticket with support but it looks like I am not getting token for any other scope than "User.Read". I suppose the scope must point to relevant consent assigned to application and should be related to "Mail" or "IMAP".
MSFT confirmed this on stackoverflow almost a year ago
https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2
Unfortunately the instructions were archived.
I also found this thread on stack:
which is probably resolution, but I can't confirm now it works on my end.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-10-2020 10:53 AM
Hello Pawel, the scopes we have tried are:
Mail.ReadWrite
Mail.Send
offline_access
openid
profile
However, bear in mind we've abandoned our effort until Microsoft and/or SNow improves support around this. These scopes don't necessarily work and probably include more than is needed. In the second link you shared, it seems Microsoft are saying they are working on Oauth support for Office 365, but I presume it's not there yet.
Thanks,
Davin