Sending Mail through Outlook¶
Hire2Retire now supports sending mails through your Outlook account using OAuth based authentication mechanism.
Service Provider Application¶
Outlook application on Hire2retire uses OAuth authorization. By linking your Outlook account with Hire2retire, you can authorise the RoboMQ application to have delegated access to send mail on your behalf, for which you will be provided with a consent window to provide permission required by Hire2retire. Following permissions are required on your account to provide a seamless integration experience.
Scopes | Explanation |
---|---|
Mail.Send | To Send Mail on your behalf |
offline_access | With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint |
Create a Connection¶
You need to have an Outlook account with mailbox enabled before using Outlook services on Hire2retire.
-
To authenticate your account you need to click the
Link account
button, which will redirect you to the Outlook sign-in page.Fig.2 Service Provider Connection
-
Following successful sign-in, Outlook presents you with a permissions page. On this page, you will be asked to provide certain permissions that are required by Hire2Retire to send emails on your behalf.
Fig.3 Consent Screen
-
Once you've consented to the permissions, you will be redirected back to Hire2retire. This redirection signifies the successful establishment of the connection between the two platforms.
Customer Owned Application¶
Hire2Retire requires the user to sign-in for this connection. You need to have the application registered on your tenant & provide the necessary permissions required by Hire2Retire. Hire2Retire requires the following details to create a connection.
Application Registration¶
Make sure you have an O365 subscription or access to Entra ID portal.
-
Sign in to the Entra ID portal
Fig.4 Entra ID Portal
-
Browse to
App registrations
and selectNew registration
. -
Enter a display name for your application. In the redirect URI field enter
https://hire2retire.robomq.io/api/auth/callback/Outlook
Fig.5 App Registration
-
Specify who can use the application in supported account types.
-
Select Register to complete the initial app registration.
Credentials¶
Credentials enable your application to authenticate independently, by using a client secret the application will identify itself at runtime.
- Client ID - Application ID
- Client Secret - A string value your app can use in place of a certificate to identify itself.
To get the credentials for your application follow these steps:
-
To get the client id of your application, head over to
Overview
blade under theEssentials
section.Fig.6 Geting Client ID
-
To get the client secret go to the
Manage
section in the navigation panel. Click onCertificates & Secrets
.Fig.7 Geting Client Secret
-
After adding this secret to the application the value will show on the page, save this value somewhere safe because after page refresh the value of the secret will be masked.
Fig.8 Client Secret Value
It is recommended to set the expiration time to 730 days(24 months) for client secret.
Application Permissions¶
Set up application permissions for any application that needs to authenticate itself after the user's consent. To authorize a registered application to access the Microsoft Graph API, navigate to API permissions
> Add a permission
> Microsoft APIs
> Microsoft Graph
> Application permissions
.
Robomq needs the following permissions on your registered application to provide a seamless connection experience:
Scopes | Explanation |
---|---|
Mail.Send | To Send Mail your behalf |
offline_access | With the offline_access scope, the app can receive refresh tokens from the Microsoft identity platform token endpoint |
-
To set permissions go to manage blade then
API permissions
>Add a permission
>Microsoft APIs
and then click on Microsoft graph next, select delegated permissions.Fig.9 API Permissions
In the search bar input
Mail.Send
and select the scope under the Mail section.Fig.10 Mail.Send scope
Search for offline in the search bar and select the
offline_access
under the OpenId sectionFig.11 offline_access scope
Add these permission so that the app can authorize your sign and gives rights to send mail as you.
Create a Connection¶
To create a connection with your own instance of the Entra ID application select the customer owned application option.
-
To authenticate your account you need to enter your client id and client secret and then click the
Link account
button, which will redirect you to the Outlook sign-in page.Fig.12 Customer Owned Application Connection
-
After successful sign-in into your customer owned app and accepting the permissions required consent form the connection will be made and user will be redirected back to Hire2retire.