Configure client credential flow for SMTP OAuth2 using a client id and secret

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 5 minutes
  • Configure outbound email accounts in a ServiceNow instance using a client id and secret.

    Before you begin

    Create a Microsoft Azure account to configure an OAuth profile.

    Complete the setup steps using your Microsoft Azure Developer account. See Microsoft Azure product documentation for instructions on creating and configuring custom applications.

    Role required: Microsoft Azure portal administrator and admin

    Procedure

    1. Log in to the Microsoft Azure registration portal with your organization credentials.
      For more information, see the Microsoft Azure registration portal documentation.
    2. Register a new custom application by filling in the application name, supported account type, and redirect URL, and select Register.
      Note:
      Enter the redirect URL in the following format: https://<instance>/oauth_redirect.do.
      An overview of the application's basic information is displayed.
    3. Copy the client ID to a text file.
      You’ll use this client ID and the client secret value generated in the next steps to register the app as a third-party OAuth provider on your ServiceNow instance. You use the application ID as the client ID when you connect the application to your instance.
    4. Enable the SMTP.SendAsApp permission.
      1. In Microsoft Azure, navigate to Manage > API permissions.
      2. Select Add a permission.
      3. Select the Microsoft Office 365 tile.
      4. Select Application Permissions.
      5. In the Select permissions field, enter SMTP SendAsApp.
      6. Select the SMTP SendAsApp check box.
      7. Select Add permissions.
    5. Select Grant admin consent for <your organization name>, then select Yes to confirm.
    6. Add a client secret.
      1. In Microsoft Azure, navigate to Manage > Certificates & secrets.
      2. Select New client secret.
      3. Provide a description and an expiration date, then select Add.
    7. Copy the value (secret value) to a text file.
    8. Register service principals in Microsoft Exchange using PowerShell.
      1. Run the following commands.
        Install-Module -Name ExchangeOnlineManagement -AllowPrerelease
        Import-Module ExchangeOnlineManagement
        Connect-ExchangeOnline -Organization <tenantId>
        For more information, see Authenticate SMTP connection using OAuth.
      2. Register a Microsoft Entra ID application's service principal by running the following command.
        New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
        Important:
        For the OBJECT_ID value, go to Overview > Managed applications in local directory and copy the Object ID.
      3. Grant the service principal permission on the user's mailbox (email ID) by using the following command.
        Add-MailboxPermission -Identity "<email_id>" -User <object_id> -AccessRights FullAccess 
        
    9. Navigate to Overview > Endpoints and copy the OAuth 2.0 token endpoint (v2) to a text file.
      You use the OAuth 2.0 token endpoint (v2) when registering an OAuth provider. For more information, see Register an OAuth provider.
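
After admin consent is granted (step 5), a token issued to the application through the client credential flow should list SMTP.SendAsApp in its roles claim. The following PowerShell is an added example, not ServiceNow or Microsoft code, that decodes a token payload offline and checks this; the function names Get-JwtClaims and Test-SmtpAppToken, the all-zero application ID, the audience value, and the sample token are constructed for illustration.

```powershell
# Added example. Decodes a JWT payload only; the signature is NOT validated,
# so use this to inspect a token you requested yourself, not to authenticate.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated segments.' }
    # base64url -> base64, then restore the padding that JWT encoding strips
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-SmtpAppToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAppId
    )
    $claims  = Get-JwtClaims -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    [pscustomobject]@{
        # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'
        AppIdMatches = ($claims.appid -eq $ExpectedAppId) -or ($claims.azp -eq $ExpectedAppId)
        # Application permissions granted with admin consent appear in 'roles'
        HasSmtpRole  = @($claims.roles) -contains 'SMTP.SendAsApp'
        NotExpired   = $expires -gt [DateTimeOffset]::UtcNow
        Audience     = $claims.aud   # reported for review, not judged here
    }
}

# Constructed sample: unsigned token with placeholder values, built inline.
$appId   = '00000000-0000-0000-0000-000000000000'
$payload = @{
    appid = $appId
    aud   = 'https://outlook.office365.com'   # placeholder audience
    roles = @('SMTP.SendAsApp')
    exp   = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$segment = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$segment = $segment.TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-SmtpAppToken -Token "e30.$segment.sig" -ExpectedAppId $appId
```

If HasSmtpRole is False for a real token, recheck steps 4 and 5 (permission added and admin consent granted).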

    What to do next

    Register an OAuth provider