How to Set Up SMTP and IMAP email accounts via OAuth 2.0 Authentication on ServiceNow using MS O365
‎10-13-2022 02:10 AM - edited ‎10-13-2022 09:32 AM
Follow the steps below:
1. Install the plugin: Email - OAUTH support for IMAP and SMTP
2. Contact the O365 admin and have him perform the below:
a. Register OAuth authentication.
b. Create certificates and permissions on the mailbox to generate the Application ID, Client secret ID, and Client ID and Value (all of these will be provided by the admin).
c. Create API scopes on MS Graph.
3. Configure the OAuth entity (Application Registry) on ServiceNow.
Map the details shared:
Client ID == Application ID
Client Secret == Value
Authorization URL: https://login.microsoftonline.com/[Azure Tenant ID]/oauth2/v2.0/authorize
Token URL: https://login.microsoftonline.com/[Azure Tenant ID]/oauth2/v2.0/token
Redirect URL: {Instance_URL}/oauth_redirect.do
4. Create OAuth Entity Profile Scopes as below and map them to the OAuth Entity.
a. OAuth scope: "https://outlook.office.com/IMAP.AccessAsUser.All"
b. OAuth scope: "https://outlook.office.com/SMTP.Send"
c. OAuth scope: "offline_access"
5. This should create the OAuth Entity Profile. Make sure the OAuth Entity Profiles also have the above scopes mapped.
6. Create email accounts: select type as SMTP <> use connection security as STARTTLS (this is for sending email).
7. Create email accounts: select type as IMAP <> connection security as SSL/TLS (this is for receiving).
8. Before clicking on Authorize Email account access, please open a browser in incognito mode and then apply. This should open an MS SSO window where you enter the credentials of the mailbox you are trying to authorize.
Note: If you fail to do so, or if your authentication passes without an MS SSO window, please understand that your account has been validated instead of the mailbox.
9. Once your mailbox account is validated with MS, your tokens will be refreshed.
10. In case of any errors, please grant permissions to the mailbox, validate email diagnostics, and check if the sender and reader jobs are running properly.
Note:
For SMTP: once configured, you will have to use your mailbox when authorizing the access; it is better to use incognito mode. This will allow you to enter the mailbox credentials and create the authentication.
For IMAP: please follow the above, and also check if the mailbox has the IMAP scope set up. Get the O365 admin to validate and enable the IMAP scope. This should fix receiving issues, as the Email reader will start reading emails from your mailbox.
We do have a KB article, KB0816072, for reference; however, it does not give the details on how to set up correctly.
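An added diagnostic for the note under step 8 (not part of the original post, and not ServiceNow or Microsoft code): given an access token obtained for the email account, it checks which identity and scopes the token actually carries. It assumes the token is a JWT whose payload has `upn` or `preferred_username`, `scp` and `aud` claims; the function names and the `example.com` addresses are placeholders made up for this example.

```python
import base64
import json

# Scopes mapped in step 4, as short names (assumed form inside the "scp" claim).
# offline_access only yields a refresh token, so it is not expected in "scp".
REQUIRED_SCOPES = {"IMAP.AccessAsUser.All", "SMTP.Send"}


def decode_claims(access_token):
    """Return the JWT payload as a dict. No signature check: diagnostic use only."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_mailbox_token(access_token, mailbox):
    """List reasons the token would not work for `mailbox`; an empty list means it looks right."""
    claims = decode_claims(access_token)
    problems = []
    # Identity: a silent SSO sign-in yields a token for your own account, not the mailbox.
    user = claims.get("upn") or claims.get("preferred_username") or ""
    if user.lower() != mailbox.lower():
        problems.append(f"token issued to {user or 'unknown user'}, not {mailbox}")
    # Delegated scopes are assumed to arrive space-separated in "scp".
    granted = set(claims.get("scp", "").split())
    for scope in sorted(REQUIRED_SCOPES - granted):
        problems.append(f"missing scope {scope}")
    # Audience: the scopes in step 4 are outlook.office.com scopes.
    if "outlook.office" not in str(claims.get("aud", "")):
        problems.append(f"unexpected audience {claims.get('aud')!r}")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (placeholder header and signature)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample tokens; the addresses are placeholders.
GOOD = make_sample_token({"aud": "https://outlook.office.com", "upn": "servicedesk@example.com",
                          "scp": "IMAP.AccessAsUser.All SMTP.Send"})
WRONG_USER = make_sample_token({"aud": "https://outlook.office.com", "upn": "admin@example.com",
                                "scp": "SMTP.Send"})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("wrong user", WRONG_USER)):
        print(name, check_mailbox_token(tok, "servicedesk@example.com"))
```

A token that reports a different user than the mailbox means the authorization has to be repeated in a fresh incognito session, as step 8 describes.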
‎10-16-2022 06:46 PM
Did you configure the token using your mailbox login? Or was it using your account?
Can you please share any screenshots?
‎10-14-2022 10:42 AM
I am getting the error "HTTP-401 Not Authorized". Can someone please help me with what the issue could possibly be?
‎10-16-2022 06:48 PM
The application ID and secret ID (which is your client ID and client secret ID) weren't properly mapped.
Please take the help of the O365 admin on this part and get them mapped correctly. Should be a minor change.
‎12-22-2022 08:32 AM
@VGSnow - Did you manage to resolve this error? We are receiving the same error.
‎12-20-2022 11:43 PM
@Vishal Jawalka1 - Hi, thank you for the step-by-step guide on this.
We are working on this on my current project. We have configured everything you have mentioned; however, we still receive an error when we select 'test connection'. The error we receive is "Connection Failed - OAuth Access Token is not present or has expired. Email account = ..........."
However, when we select 'authorize email account access', it does provide us with an MS Teams SSO pop-up box, which is apparently what is supposed to happen, according to the above steps. My only concern is the error we get when we test the connection. Can you please advise?