Configure Microsoft Email Services with OAuth2

This procedure describes how to register an application for email import configuration in Transact using Office 365 with OAuth2 as an authentication type. This will generate a client secret and client ID to be used in Email configuration.

Register app on Azure Active Directory

Follow the steps below to register an App to allow email ingestion in Transact using OAuth2.

The permissions may require authorization from an administrator.

  1. Sign in to the Azure Portal using your credentials.
  2. From Azure services, locate and open Azure Active Directory (also known as Azure AD).
  3. Under the Manage section, select App registrations.
  4. In the App registrations screen, click New registration.

    The Register an application screen displays.

  5. Enter the user-facing display name for the App in Name.
  6. Select one of the following account types depending on your needs:
    • Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)

    • Accounts in any organizational directory (Any Azure AD directory - Multitenant)

  7. Leave the option Redirect URI (optional) as is.
  8. Click Register to complete the App registration. This will return you to the screen for the new App.
  9. In the App screen, locate the Application (client) ID. Copy it to be used when configuring email ingestion for Transact.
  10. From the left panel, select Certificates & secrets.
  11. In the Certificates & secrets screen, click New client secret in the Client secrets section.
  12. In the Add a client secret dialog box, click the Add button.

    Note the following:

    • Fill in a description to identify this secret among many (as of now the limit is two secrets per app).

    • Select an expiration date according to your company policy. Once expired, a new client secret will need to be created and specified for each email configuration where it was used previously.

    The newly generated client secret will be visible.

  13. Copy the client secret to be used when configuring email ingestion for Transact.

    Ensure that you have copied the client secret, because it will not be displayed again once it is closed.

  14. Select Authentication on the left panel.

    This will present the Authentication screen on the right-hand side.

  15. In the Advanced settings section, click Yes for Default client type.
  16. Click Save to confirm changes.
  17. Select API permissions from the left panel.

    This will present the API permissions screen.

  18. By default, the User.Read permission from Microsoft Graph is present; leave this as is.

    This is a required permission. If it is not present, add it using the steps below for the Mail.ReadWrite permission.

  19. Click Add a permission.

    This will open the Request API permissions panel.

  20. Click Microsoft Graph.
  21. From the two sub-categories, select Delegated permissions.
  22. Type Mail.ReadWrite in the search box.
  23. Select the Mail.ReadWrite check box for the permission.

    This will enable the Add permissions button at the bottom of the panel.

  24. Click Add permissions.

    This will add the Mail.ReadWrite permission to the list of Configured permissions for the app.

    Administrator permissions may be required. The administrator will have to authorize the App to use these permissions. If this authorization is pending, the errors in dcma.all.log will indicate it. Once authorized, the granted status is shown.
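
An added example (not part of the original procedure or the product's code): a Python check an administrator could run after registration to confirm that a token issued to the App carries exactly the two delegated permissions configured above, and to flag client secrets nearing expiry. It assumes the access token is a JWT with a space-separated `scp` claim, decoded for inspection only without signature validation, and that the secrets are read from an export of the App's application object (`passwordCredentials` with `endDateTime`); the tokens, app name and dates are constructed samples.

```python
import base64
import json
from datetime import datetime, timezone

# Delegated permissions this procedure configures (steps 18 to 24).
EXPECTED_SCOPES = {"User.Read", "Mail.ReadWrite"}

def token_scopes(access_token: str) -> set:
    """Return the scopes in a JWT's 'scp' claim (inspection only, no signature check)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())

def audit_scopes(access_token: str) -> dict:
    """missing = consent not yet granted; extra = broader than the documented setup."""
    granted = token_scopes(access_token)
    return {"missing": sorted(EXPECTED_SCOPES - granted),
            "extra": sorted(granted - EXPECTED_SCOPES)}

def expiring_secrets(app: dict, now: datetime, warn_days: int = 30) -> list:
    """List (displayName, days_left) for client secrets ending within warn_days."""
    out = []
    for cred in app.get("passwordCredentials", []):
        # Keep only YYYY-MM-DDTHH:MM:SS so fractional seconds and 'Z' do not matter.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        days_left = (end - now).days
        if days_left <= warn_days:
            out.append((cred.get("displayName"), days_left))
    return out

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for the samples below (hypothetical helper)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data, not taken from a real tenant.
SAMPLE_APP = {"displayName": "transact-mail-import", "passwordCredentials": [
    {"displayName": "prod-2024", "endDateTime": "2024-07-01T00:00:00Z"},
    {"displayName": "prod-2025", "endDateTime": "2025-06-01T00:00:00Z"}]}
SAMPLE_NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)
PENDING = make_sample_token({"scp": "User.Read"})
OVERBROAD = make_sample_token({"scp": "Mail.ReadWrite Mail.Send User.Read"})

if __name__ == "__main__":
    print(audit_scopes(PENDING))      # Mail.ReadWrite missing: consent pending
    print(audit_scopes(OVERBROAD))    # Mail.Send is beyond what this procedure grants
    print(expiring_secrets(SAMPLE_APP, SAMPLE_NOW))
```

A non-empty `missing` list corresponds to the pending administrator authorization described in step 24; a non-empty `extra` list means the App holds more mailbox access than this procedure calls for.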

Configure email in Transact

  1. Follow the steps described in Email configuration.
  2. Click Test Email to validate the email configuration.

    You should see the message: Email configuration validated successfully.