Configure client credential flow for SMTP OAuth2 using a client id and secret

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:5分

    • Configure outbound email accounts in a ServiceNow instance using a client id and secret.

    始める前に

    Create an Microsoft Azure account to configure an OAuth profile.

    Complete the setup steps using your Microsoft Azure Developer account. See Microsoft Azure product documentation for instructions on creating and configuring custom applications.

    Role required: Microsoft Azure portal administrator and admin

    手順

    1. Log in to the Microsoft Azure registration portal with your organization credentials.
      For more information, see the Microsoft Azure registration portal documentation.
    2. Register a new custom application by filling in the application name, supported account type, and redirect URL, and select Register.
      注:
      Enter the redirect URL in the following format: https://<instance>/oauth_redirect.do.
      An overview of the application's basic information is displayed.
    3. Copy the client ID to a text file.
      You’ll use this client ID and the client secret value generated in the next steps to register the app as a third-party OAuth provider on your ServiceNow instance. You use the application ID as the client ID when you connect the application to your instance.
    4. Enable the SMTP.SendAsApp permission.
      1. In Microsoft Azure, navigate to Manage > API permissions.
      2. Select Add a permission.
      3. Select the Microsoft Office 365 tile.
      4. Select Application Permissions.
      5. In the Select permissions field, enter SMTP SendAsApp.
      6. Select the SMTP SendAsApp check box.
      7. Select Add permissions.
    5. Select Grant admin consent for <your organization name>, then select Yes to confirm.
    6. Add a client secret.
      1. In Microsoft Azure, navigate to Manage > Certificates & secrets.
      2. Select New client secret.
      3. Provide a description and an expiration date, then select Add.
    7. Copy the value (secret value) to a text file.
    8. Register service principals in Microsoft Exchange using PowerShell.
      1. Run the following commands. 
        Install-Module -Name ExchangeOnlineManagement -allowprerelease
Import-module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <tenantId>
        For more information, see Authenticate SMTP connection using OAuth
      2. Register an Microsoft Entra ID application's service principal by running the following command. 
        New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
        重要:
        For the OBJECT_ID value, go to Overview > Managed applications in local directory and copy the Object ID.
      3. Add permission to user email ID using the following command. 
        Add-MailboxPermission -Identity "<email_id>" -User <object_id> -AccessRights FullAccess
    9. Navigate to Overview > Endpoints and copy the OAuth 2.0 token endpoint (v2) to a text file.
      You use the OAuth 2.0 token endpoint (v2) when registering an OAuth provider. For more information, see Register an OAuth provider.

    次のタスク

    Register an OAuth provider