How to configure Office365/Outlook Online email servers (IMAP and SMTP) with OAuth 2

Davin2

Hello Community,

Has anyone had any success connecting their instance mail account to an Azure cloud hosted Office365 IMAP or SMTP server while using OAuth 2.0 for authentication? I've followed the docs (steps below) and gotten as far as getting an access token returned, but the "Test Connection" still fails authentication. I suspect the problem may be with the OAuth scopes I'm requesting and/or some setup missing on the Office365 side. The problem is the docs aren't very specific to Office365, and I can't find any definitive walk-throughs on the Office365 side in terms of setting up the application there (and not a lot on Communities dealing with OAuth and IMAP/SMTP). Add to that a basic lack of detailed debugging (why did the authentication fail?) and I'm stuck.

Thanks in advance,

Davin

These are the steps taken (referencing https://docs.servicenow.com/bundle/newyork-servicenow-platform/page/administer/notification/task/t_SetUpOAuth2ForEmail.html )

First installed the "Email - OAUTH support for IMAP and SMTP" plugin, then:

1. On the Azure Office 365 side created an application scope for the ServiceNow instance including the redirect URI for the instance. Also obtained the Client ID, Client Secret, authorization URLs needed for next step.
2. In the instance, created a System OAuth > Application Registry entry for the Office 365 instance.
3. Created OAuth Entity Profile and scopes under the Application Registry. I'm using: Mail.ReadWrite, profile, email, Mail.Send, openid, offline_access for scopes
4. Created an entry in System Mailboxes > Email Accounts for IMAP and SMTP services, selecting OAuth 2.0 as auth type and the right application scope
5. Clicked the "Authorize Email Account Access" button. Entered the Office 365 user credentials in the tab that opened and authorized access. When the email account screen refreshes, I noted a message about OAuth Refresh Token expiring soon.
6. Noted that a new record is created in System OAuth > Manage Tokens. So it's clearly communicating!
7. Clicking the Test Connection link results in authentication failed: (Account name: Office 365 IMAP, Type: imap, sys_id: f25687e51be6401409114229bc4bcbb0) Email account connection test completed with result: error, msg: Connection failed: AUTHENTICATE failed. (screenshot).

1 ACCEPTED SOLUTION

pawel_staszewsk

Finally resolved.

See KB0820012

19 REPLIES

It turns out that the SSL/TLS connection was failing, as the "private key password" AND "keystore password" weren't the same in the Certificate Store (Java Key Store).

Community Alums

Hi Murugan,

I am also having the same issue with OAuth 2.0. SMTP is working fine but Test Connection for IMAP throws Authentication Failed error message.

We are using O365/Azure.

Where are "private key password" and "keystore password" stored? In ServiceNow or Exchange/Azure?

I am also using SSL/TLS port 993 for IMAP. I am also using the same profile for SMTP and IMAP.

Please advise.

Thanks

Samir

Hi Samir, were you able to resolve this? We are also stuck on the same issue.

Please see if you can provide a perspective.

Community Alums

Yes, I was able to resolve the authentication issue with OAuth 2.0. I successfully authenticated and can receive Access and Refresh tokens.

Please see attached screen shots of the setup I have.

You need the four OAuth Scopes exactly as displayed. If you are just using it for emails (send and receive) then you don't need any other scopes.

Also look at IMAP and SMTP account files. Make sure you have onmicrosoft.com at the end of your "User name" field. e.g. username@companydomain.onmicrosoft.com

The Server field is different for IMAP and SMTP accounts. Make sure you have it exactly as it is in my screen shots.

I don't have access to Azure/O365 setup so cannot provide screen shots of the setup (tenant/client) from there. We are using the same client for each of our instances but with a different email account unique for each instance.

Let me know if you have further questions. 
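
Added example (not part of the original thread and not ServiceNow or Microsoft code): since the thread gets as far as an access token but lacks detail on why authentication fails, this sketch decodes a token's claims to show which scopes were actually granted compared with the ones requested. It assumes the access token is a JWT carrying `aud`, `scp` (space-separated) and `exp` claims; the function names, the sample token and its audience value are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone


def decode_claims(access_token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def scope_report(access_token, requested):
    """Compare requested resource scopes with the scopes granted in the token."""
    claims = decode_claims(access_token)
    granted = set(claims.get("scp", "").split())  # assumption: space-separated
    exp = claims.get("exp")
    return {
        "audience": claims.get("aud"),
        "granted": sorted(granted),
        "missing": sorted(set(requested) - granted),
        "expires_utc": (datetime.fromtimestamp(exp, tz=timezone.utc).isoformat()
                        if exp is not None else None),
    }


def make_sample_token(claims):
    """Build an unsigned, constructed token for demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample: Mail.Send was requested but is absent from the token.
SAMPLE = make_sample_token({
    "aud": "https://resource.example",
    "scp": "Mail.ReadWrite openid profile email",
    "exp": 1700000000,
})

if __name__ == "__main__":
    print(json.dumps(scope_report(SAMPLE, ["Mail.ReadWrite", "Mail.Send"]), indent=2))
```

Run it against a token copied from a test tenant only, and treat the token as a credential: do not paste it into shared tickets or online decoders.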

Hello Samir,

Did you also make changes to the Script Include apart from the above configurations?