Sending Mail through Outlook

Hire2Retire now supports sending mails through your Outlook account using OAuth based authentication mechanism.

Fig.1 Add new sender email account

Service Provider Application

Outlook application on Hire2retire uses OAuth authorization. By linking your Outlook account with Hire2retire, you can authorise the RoboMQ application to have delegated access to send mail on your behalf, for which you will be provided with a consent window to provide permission required by Hire2retire. Following permissions are required on your account to provide a seamless integration experience.

Scopes	Explanation
Mail.Send	To Send Mail on your behalf
offline_access	With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint

Create a Connection

You need to have an Outlook account with mailbox enabled before using Outlook services on Hire2retire.

1. To authenticate your account you need to click the Link account button, which will redirect you to the Outlook sign-in page.

   

   Fig.2 Service Provider Connection
   
   

2. Following successful sign-in, Outlook presents you with a permissions page. On this page, you will be asked to provide certain permissions that are required by Hire2Retire to send emails on your behalf.

   

   Fig.3 Consent Screen
   
   

3. Once you've consented to the permissions, you will be redirected back to Hire2retire. This redirection signifies the successful establishment of the connection between the two platforms.

Customer Owned Application

Hire2Retire requires the user to sign-in for this connection. You need to have the application registered on your tenant & provide the necessary permissions required by Hire2Retire. Hire2Retire requires the following details to create a connection.

Application Registration

Make sure you have an O365 subscription or access to Entra ID portal.

1. Sign in to the Entra ID portal

   

   Fig.4 Entra ID Portal
   
   

2. Browse to App registrations and select New registration.

3. Enter a display name for your application. In the redirect URI field enter https://hire2retire.robomq.io/api/auth/callback/Outlook

   

   Fig.5 App Registration
   
   

4. Specify who can use the application in supported account types.

5. Select Register to complete the initial app registration.

Credentials

Credentials enable your application to authenticate independently, by using a client secret the application will identify itself at runtime.

• Client ID - Application ID
• Client Secret - A string value your app can use in place of a certificate to identify itself.

To get the credentials for your application follow these steps:

1. To get the client id of your application, head over to Overview blade under the Essentials section.

   

   Fig.6 Geting Client ID
   
   

2. To get the client secret go to the Manage section in the navigation panel. Click on Certificates & Secrets.

   

   Fig.7 Geting Client Secret
   
   

3. After adding this secret to the application the value will show on the page, save this value somewhere safe because after page refresh the value of the secret will be masked.

   

   Fig.8 Client Secret Value
   
   

It is recommended to set the expiration time to 730 days(24 months) for client secret.

Application Permissions

Set up application permissions for any application that needs to authenticate itself after the user's consent. To authorize a registered application to access the Microsoft Graph API, navigate to API permissions > Add a permission > Microsoft APIs > Microsoft Graph > Delegated permissions.

Robomq needs the following permissions on your registered application to provide a seamless connection experience:

Scopes	Explanation
Mail.Send	To Send Mail your behalf
offline_access	With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint

1. To set permissions go to manage blade then API permissions > Add a permission > Microsoft APIs and then click on Microsoft graph next, select delegated permissions.

   

   Fig.9 API Permissions

   
   

2. In the search bar input Mail.Send and select the scope under the Mail section.

   

   Fig.10 Mail.Send scope

   
   

3. Search for offline in the search bar and select the offline_access under the OpenId section

   

   Fig.11 offline_access scope

   
   

Add these permission so that the app can authorize your sign and gives rights to send mail as you.

Create a Connection

To create a connection with your own instance of the Entra ID application select the customer owned application option.

1. To authenticate your account you need to enter your client id and client secret and then click the Link account button, which will redirect you to the Outlook sign-in page.

   

   Fig.12 Customer Owned Application Connection
   
   

2. After successful sign-in into your customer owned app and accepting the permissions required consent form the connection will be made and user will be redirected back to Hire2retire.