SupportPal Docs

Third-Party Integrations: Microsoft

The Microsoft integration can be used to allow using OAuth authentication for IMAP (department email accounts) and SMTP (outgoing emails).

Contents

Prerequisites

To set up Microsoft, you must have access to Microsoft Entra ID. It is included if you have a Microsoft 365 subscription.

Activate or Deactivate Integration

The Microsoft integration is disabled by default and needs to be activated before use.

  1. Visit Settings -> General -> Third-Party Integrations.
  2. Find the Microsoft integration and click the "Activate" link located on the left of the table.
  3. The page will reload confirming the integration has been activated.

Third-Party Integrations

The integration can be deactivated by following the above process, but using the "Deactivate" link instead.

Integration Settings

To set up Microsoft, follow the steps below.

  1. Visit the Microsoft Entra admin center - https://entra.microsoft.com - and sign in to your Microsoft account.
  2. In the sidebar, under "Identity", click on "Applications", and then "App registrations".
    App Registrations
  3. Click on "New registration".
    New registration
  4. In SupportPal, click on "Settings" under Microsoft on the third-party integrations page. This page will show you the required redirect URI needed.
    Microsoft Third-Party Integration
    Redirect URI
  5. Enter a name for your application, select "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" for supported account types and fill in the redirect URI with what is shown in SupportPal and select "Web" in the platform dropdown. Click "Register".
    Register an Application
  6. Your app will now be registered, the application (client) ID is what you'll need to enter in to SupportPal later.
    App Details
  7. Now, under "Manage", click on "API permissions", and then on "Add a permission".
    API Permissions
    Add a Permission
  8. Click on "Microsoft Graph", and then on "Delegated permissions".
    Microsoft Graph Permissions
    Delegated Permissions
  9. Search for and select the following permissions, and then click "Add permissions".
    • offline_access
    • IMAP.AccessAsUser.All
    • SMTP.Send
    Permission - offline_access
    Permission - IMAP.AccessAsUser.All
    Permission - SMTP.Send
  10. The page will reload with the new permissions, then click on "Grant admin consent for [Company Name]", and click "Yes" on the popup to confirm.
    Grant Admin Consent
    Grant Admin Consent - Confirm
  11. Next, under "Manage", click on "Certificates & secrets".
    Certificates & Secrets
  12. Click on "New client secret". In the popup that shows, enter a name and select "24 months" for the expiry, then click "Add".
    Client Secret
    Add Client Secret
  13. The client secret value (not client secret ID) will show that need to be entered on the SupportPal screen, along with the client ID as mentioned above, and click "Save".
    Client Secret
    Microsoft Third-Party Integration Settings

Microsoft OAuth for Department Email Accounts (IMAP) and SMTP

To use Microsoft as an OAuth authentication provider, follow the below steps.

  1. Ensure the Microsoft integration is set up as listed in Integration Settings.

  2. Department Email Accounts

    Go to Settings -> Tickets -> Departments, click an existing department or create new department. Scroll down to Email Accounts.

    SMTP

    Go to Settings and click on the Email tab. If configuring for a brand, go to Settings -> General -> Brands, click on your brand and then the Email tab.
  3. Change the Authentication dropdown to "OAuth".
  4. Select Microsoft from the provider dropdown. If it isn't visible, you may have a problem in your integration settings.
  5. Ensure the rest of the relevant details are filled in Click on "Get Access Token".
    Microsoft OAuth Provider
  6. A pop up will show, you may need to login (with the email address you are trying to request a token for) and follow through all steps before the popup will close itself.
    Microsoft OAuth Popup
  7. The access token will now have saved to SupportPal, you can confirm by seeing that the button is now red and labelled "Reset Access Token".
    Reset Access Token
  8. Finally, click "Validate Authentication" to confirm it is working, and then continue with the form on seeing a success message.
    The access token will not be saved unless the settings form is submitted.

Troubleshooting

The provided value for the input parameter 'redirect_uri' is not valid

The redirect URL entered in the Microsoft app is not correct. Under "Manage", click on "Authentication" and ensure the Redirect URI matches the one shown in the integration settings. Click "Save" after changing the URI.

Invalid Redirect URI

User is authenticated but not connected

There are a plethora of reasons why you may see this error, below are some possibilities: