Microsoft 365 Email Setup with OAuth 2.0 in SysAid Classic

You can set up email integration with the OAuth 2.0 protocol with Microsoft 365 or Google. The instructions below can be applied to incoming or outgoing email integration or both.

Please note:

• This article is for customer using SysAid Classic. If you’re using SysAid Spaces, please see Microsoft 365 Email Setup with OAuth 2.0 in SysAid Spaces.

• We recommend that you limit the application's access to specific mailboxes by creating an application access policy. For more information, see Microsoft Ignite.

Setting up outgoing and incoming email

To set up Microsoft 365 as outgoing and incoming email:

1. In SysAid, go to Settings >  Integration > Email.

2. Click +New.

3. Go to the Incoming Email tab.

4. From the Protocol drop-down, select OAuth 2.0.

5. From the Service provider drop-down,  select Microsoft 365.
   

6. Register your application in Entra:

   1. In your Microsoft 365 account, navigate to Active Directory > App registrations.

   2. Click New registration.

   3. Enter a name for your application.

   4. In the supported account types, select the single tenant option.

   5. (Optional) Select a platform configuration.

   6. Click Register.

7. Client secret:

   1. In App registrations, navigate to Certificates & secrets.

   2. Click New Client secret.

   3. Enter a description.

   4. In the Expires area, select 24 Months.

   5. Click Add.

   6. Copy the generated secret from the Value column.

   7. Back in the SysAid email integration form, paste the secret in the Client secret field.

8. Set up API permission:

   1. Back in Entra, navigate to API permissions and click Add a permission.

   2. Choose Microsoft Graph.
      

   3. Click Delegated Permissions.

   4. Check the User.Read permission.
      

   5. Click Add Permissions.

   6. Click Application Permissions add the following permissions:

      • Calendars.ReadWrite: Allows the app to create, read, update, and delete events of all calendars without a signed-in user.

      • Mail.ReadWrite: Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail.

      • Mail.Send: Allows the app to send mail as any user without a signed-in user.

      • User.Read.All: Allows the app to read user profiles without a signed-in user.

      Tip!

      To see all avilable permissions and learn more about each permission, go to Microsoft Learns.

   7. Click Add Permissions.

   8. Click Application Permissions.

   9. Click Grant admin consent for <domain name>.

   10. Click Yes.

9. Copy the Tenant ID and Client ID:

   1. In Azure Active Directory, navigate to App registrations and select the app you just set up.

   2. Copy the Application (client) ID and paste it into the Client ID field in the SysAid email integration form.

   3. Copy the Directory (tenant) ID and paste it into the Tenant ID field in the SysAid email integration form.
      

10. In your email inbox settings, navigate to General > Language and Time and ensure that the value of the Current Time Zone field reflects the appropriate time zone for your account.

11. Follow the instructions in the relevant links below to fill out the rest of the email form. Be sure that the inbox that you set up for incoming email integration is dedicated specifically for incoming email integration with SysAid and not used for any other purposes.

Please note:

All emails sent to the integrated email address create a service record and are deleted shortly after. In Microsoft 365 OAuth 2.0, due to Microsoft policies, such emails are moved to the Recoverable Items folder, instead of the Deleted folder (as expected). This is in accordance with Microsoft 365 design; more details can be found in Microsoft Ignite.

To easily locate your incoming (deleted) emails, simply click the Recoverable Items link (at the top of the Deleted folder) and find all the relevant emails (which are kept there for 30 days, same as in the deleted folder).

Another option to bypass this behavior is to define a dedicated folder for copies of all incoming emails. To do so, go to Settings > Integration > Email > Incoming Email tab, and fill in the Send a copy of the incoming emails to field (available for Enterprise editions only).

To learn more, see Incoming Email Integration Form.

Allowing admins to send messages from their personal email profiles

This option allows agents to select their personal email profiles (listed in their user profile under User Management) as the "from" address when they send emails. This allows them to communicate directly with end users via their own email account, rather than through an impersonal service desk profile.

To allow admins to send messages from their personal email profiles:

1. In your SysAid account, go to Settings > Setup > Email and click on Advanced options.

2. Select the Allow admins to send messages from their personal email profiles checkbox.

3. Go to your Exchange admin center.

4. Navigate to Recipients > Mailboxes and search for and click on the relevant user.

5. Go to the Delegation tab and under the Send as section, click Edit.

6. Check the checkbox whose email matches the one you’ve configured for the Auth 2.0 email integration.

This process must be repeated for every team member who wants to use their personal email to communicate with an end user.

Switching from Basic authentication with Client Submission (SMTP AUTH) to OAuth 2.0

If you’ve been using Microsoft Basic authentication with Client Submission (SMTP AUTH) and would like to switch to Microsoft OAuth 2.0 due to the deprecation of the method, please watch the video below.