Skip to content

Sending Mail through Outlook

Access Request now supports sending emails through your Outlook account using an OAuth-based authentication mechanism.

Service Provider Application

The Outlook application on Access Request uses OAuth authorization. By linking your Outlook account with Access Request, you can authorize the RoboMQ application to have delegated access to send mail on your behalf, for which you will be provided with a consent window to provide the required permission by Access Request. The following permissions are required on your account to provide a seamless integration experience.

Scopes Explanation
Mail.Send To Send Mail on your behalf
offline_access With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint

Create a Connection

You need to have an Outlook account with a mailbox enabled before using Outlook services on Access Request.

  1. To authenticate your account, you need to click the Link account button, which will redirect you to the Outlook sign-in page.

    Outlook Service Provider Connection

  2. Following successful sign-in, Outlook presents you with a permissions page. On this page, you will be asked to provide certain permissions that are required by Access Request to send emails on your behalf.

    Outlook Service Provider Consent Screen

  3. Once you consent to the permissions, you will be redirected back to the Access Request Configuration Page.

Customer Owned Application

Access Request requires the user to sign in for this connection. You need to have the application registered on your tenant & provide the necessary permissions required by Access Request. Access Request requires the following details to create a connection.

Application Registration

Make sure you have an O365 subscription or access to the Entra ID portal.

  1. Sign in to the Entra ID portal

    Entra ID Portal

  2. Browse to App registrations and select New registration.

  3. Enter a display name for your application. In the redirect URI field, enter https://hire2retire.robomq.io/access-manager/api/auth/callback/Outlook

    App Registration

  4. Specify who can use the application in supported account types.

  5. Select Register to complete the initial app registration.

Credentials

Credentials enable your application to authenticate independently. By using a client secret, the application will identify itself at runtime.

  • Tenant ID - Tenant ID
  • Client ID - Application ID
  • Client Secret - A string value your app can use in place of a certificate to identify itself.

To get the credentials for your application, follow these steps:

  1. To get the client ID and tenant ID of your application, head over to Overview blade under the Essentials section.

    Client ID

  2. To get the client secret, go to the Manage section in the navigation panel. Click on Certificates & Secrets.

    Create Client Secret

    Fig.7 Geting Client Secret

  3. After adding this secret to the application, the value will show on the page. Save this value somewhere safe because after page refresh, the value of the secret will be masked.

    Client Secret Value

It is recommended to set the expiration time to 730 days(24 months) for the client secret.

Application Permissions

Set up application permissions for any application that needs to authenticate itself after the user's consent. To authorize a registered application to access the Microsoft Graph API, navigate to API permissions > Add a permission > Microsoft APIs > Microsoft Graph > Delegated permissions.

Robomq needs the following permissions on your registered application to provide a seamless connection experience:

Scopes Explanation
Mail.Send To Send Mail on your behalf
offline_access With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint

  1. To set permissions, go to the manage blade, then API permissions > Add a permission > Microsoft APIs, and then click on Microsoft Graph next, select delegated permissions.

    Permissions

  2. In the search bar, input Mail.Send and select the scope under the Mail section.

    Mail Send

  3. Search for offline in the search bar and select the offline_access under the OpenID section

    Offline Access

Add these permissions so that the app can authorize your sign-in and gives rights to send mail as you.

Create a Connection

To create a connection with your own instance of the Entra ID application, select the customer-owned application option.

  1. To authenticate your account, you need to select Entra ID Cloud Instance, then enter your tenant ID, client ID, and client secret, and then click the Link account button, which will redirect you to the Outlook sign-in page.

    Outlook Customer Owned Application Connection

  2. After successful sign-in into your customer-owned app and accepting the permissions required consent form the connection will be made, and the user will be redirected back to the Access Request Configuration Page.