‎01-28-2020 10:15 AM
Hello Community,
Has anyone had any success connecting their instance mail account to an Azure cloud hosted Office365 IMAP or SMTP server while using OAuth 2.0 for authentication? I've followed the docs (steps below) and gotten as far as getting an access token returned, but the "Test Connection" still fails authentication. I suspect the problem may be with the OAuth scopes I'm requesting and/or some setup missing on the Office365 side. The problem is the docs aren't very specific to Office365, and I can't find any definitive walk-thrus on the Office365 side in terms of setting up the application there (and not a lot on Communities dealing with OAuth and IMAP/SMTP). Add to that a basic lack of detailed debugging (why did the authentication fail?) and I'm stuck.
Thanks in advance,
Davin
These are the steps taken (referencing https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/administer/notification/task/t_SetUpOAuth2ForEmail.html )
First installed the "Email - OAUTH support for IMAP and SMTP" plugin, then:
1. On the Azure Office 365 side, created an application scope for the ServiceNow instance including the redirect URI for the instance. Also obtained the Client ID, Client Secret, and authorization URLs needed for the next step.
2. In the instance, created a System OAuth > Application Registry entry for the Office 365 instance.
3. Created OAuth Entity Profile and scopes under the Application Registry. I'm using: Mail.ReadWrite, profile, email, Mail.Send, openid, offline_access for scopes.
4. Created an entry in System Mailboxes > Email Accounts for IMAP and SMTP services, selecting OAuth 2.0 as auth type and the right application scope.
5. Clicked the "Authorize Email Account Access" button. Entered the Office 365 user credentials in the tab that opened and authorized access. When the email account screen refreshed, I noted a message about the OAuth Refresh Token expiring soon.
6. Noted that a new record is created in System OAuth > Manage Tokens. So it's clearly communicating!
7. Clicking the Test Connection link results in authentication failed: (Account name: Office 365 IMAP, Type: imap, sys_id: f25687e51be6401409114229bc4bcbb0) Email account connection test completed with result: error, msg: Connection failed: AUTHENTICATE failed. (screenshot).
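A local check for the situation in steps 6 and 7 (a token is issued, yet AUTHENTICATE fails), added here as an example and not part of the original post or of ServiceNow's code: it decodes the access token's claims to show which audience and scopes were actually granted, and builds the SASL XOAUTH2 string that IMAP AUTHENTICATE carries. It assumes the token is a JWT, and the expected audience and IMAP scope constants are assumptions taken from Microsoft's Exchange Online OAuth documentation, not from this thread; the sample token is constructed.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_claims(access_token):
    """Unverified claims of a JWT-format access token (diagnostic use only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a JWT; its claims cannot be inspected")
    return json.loads(b64url_decode(parts[1]))

def diagnose(access_token, expected_aud, needed_scope):
    """List mismatches between the token and what the mail server checks."""
    claims = token_claims(access_token)
    findings = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != expected_aud.rstrip("/"):
        findings.append(f"audience is {aud!r}, expected {expected_aud!r}")
    granted = str(claims.get("scp", "")).split()
    if needed_scope not in granted:
        findings.append(f"scope {needed_scope!r} missing; granted: {granted}")
    return findings

def xoauth2_initial_response(user, access_token):
    # SASL XOAUTH2 string sent with IMAP AUTHENTICATE / SMTP AUTH:
    # "user=" <mailbox> ^A "auth=Bearer " <token> ^A ^A, then base64.
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def make_sample_token(claims):
    # Constructed, unsigned token for the demo; not a real credential.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

# Assumed expectations (Microsoft's Exchange Online OAuth docs, not this thread).
EXPECTED_AUD = "https://outlook.office.com"
IMAP_SCOPE = "IMAP.AccessAsUser.All"

if __name__ == "__main__":
    # Constructed sample modelled on the scopes in step 3; the aud value is assumed.
    sample = make_sample_token({"aud": "https://graph.microsoft.com",
                                "scp": "Mail.ReadWrite Mail.Send email openid profile"})
    for finding in diagnose(sample, EXPECTED_AUD, IMAP_SCOPE):
        print("MISMATCH:", finding)
    print(xoauth2_initial_response("user@example.onmicrosoft.com", sample)[:40], "...")
```

The claims are read without verifying the signature, so the output is for troubleshooting only and must never be used as an authorization decision.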
‎04-02-2020 08:31 PM
‎07-02-2020 08:15 AM
It turns out that the SSL/TLS connection was failing, as the "private key password" AND "keystore password" weren't the same in the Certificate Store (Java Key Store).
‎08-21-2020 08:28 AM
Hi Murugan,
I am also having the same issue with OAuth 2.0. SMTP is working fine but Test Connection for IMAP throws an Authentication Failed error message.
We are using O365/Azure.
Where are "private key password" and "keystore password" stored? In ServiceNow or Exchange/Azure?
I am also using SSL/TLS port 993 for IMAP. I am also using the same profile for SMTP and IMAP.
Please advise.
Thanks
Samir
‎02-17-2021 06:33 AM
Hi Samir, were you able to resolve this? We are also stuck on the same issue.
Please see if you can provide a perspective.
‎02-17-2021 12:41 PM
Yes, I was able to resolve the authentication issue with OAuth 2.0. I successfully authenticated and can receive Access and Refresh tokens.
Please see attached screen shots of the setup I have.
You need the four OAuth Scopes exactly as displayed. If you are just using it for emails (send and receive) then you don't need any other scopes.
Also look at IMAP and SMTP account files. Make sure you have onmicrosoft.com at the end of your "User name" field, e.g. username@companydomain.onmicrosoft.com
The Server field is different for IMAP and SMTP accounts. Make sure you have it exactly as it is in my screen shots.
I don't have access to the Azure/O365 setup so cannot provide screen shots of the setup (tenant/client) from there. We are using the same client for each of our instances but with a different email account unique to each instance.
Let me know if you have further questions.
‎10-10-2022 06:59 AM
Hello Samir,
Did you also make changes to the Script Include apart from the above configurations?