OAuth Microsoft 365 Authentication

The Microsoft 365 servers support authorization via the industry-standard OAuth 2.0 protocol. QMS now supports authenticating with Microsoft 365 using OAuth. Follow these steps to configure your Microsoft 365 for integration with QMS.

 Please note that Microsoft 365 Developer Program test accounts are very spam sensitive. To test with such test account, please look for your emails at your sent emails folder.

 

Register a new application

Open Microsoft Entra admin center. At the left side bar, below Azure Active Directory, click Applications. and then App registrations.

Then at the top, click New registration.

Enter the name of your service (it does not matter what it is called), and at the bottom click the Register button.

Take note of the Directory (tenant) ID and Application (client) ID for later use.

Create a client secret

After registering the application, in the App registrations left-hand menu, click Certificates & secrets and then New client secret.

At the right, choose when the secret expires, and at the bottom click the Add button.

Take note of the Value of the secret for later use. If this is lost, you have to create a new secret.

Configure API permissions

In the App registrations left-hand menu, click API permissions and then Add a permission.

At the right, click Microsoft Graph and then Application permissions.

You can type "mail" in the search box, to help you find Mail permissions.

Click on Mail, and then on the Mail.Send checkbox.

At the bottom click the Add permissions button.

Back at the API permissions page, click on the Grant admin consent for MSFT, and then click Yes.

After a moment, the Mail.Send permissions should have a green check in the status column, and label Granted for MSFT.

You can remove the unused default User.Read permissions, by clicking on it, Remove permission, and Yes, remove.

 

QMS Configuration

Open your QMS administator website and navigate to Administration, General Settings. Under the Email Settings enter the following configuration:

  • Select OAuth Microsoft 365 Authentication

  • OAuth Tenant ID: enter the Directory (tenant) ID

  • OAuth Client ID: enter the Application (client) ID

  • OAuth Client Secret: enter the client secret value

  • To Email Address(es): enter the email addresses that you want the QMS emails to be sent to.

  • From Email Address: enter a user's email address from your Microsoft 365 directory that you want the QMS emails to appear to be sent from.