Configure online EWS for OAuth authentication

Starting with Version 11.3.5, Enterprise Client supports OAuth authentication for Exchange Web Services (EWS). You can use the OAuth authentication service provided by the Microsoft Azure Active Directory and enable your EWS managed API applications to access Exchange online in Office 365.

Prerequisites

You must use EWS OAuth to authenticate with the Exchange server for email automation.
Note: Exchange Online is deprecating Basic Authentication for multiple protocols.

After the connection is established, you can perform all the email-related operations seamlessly. The best practice is for a system administrator to perform the following steps.

  1. Log in to the Microsoft Azure portal using a work or school account.

    Azure portal

  2. Register your application with the Microsoft Identity platform to obtain the client ID and tenant ID.

    API permissions and delegated permissions for application are not required for single-tenant account type.

    Register an application

  3. When registering the application, set the redirect URI for the application. Otherwise, an error is displayed when connecting the Enterprise Client to the application for the first time.

    EWS OAuth authentication

  • To establish the connection using OAuth, authenticate with the EWS server once using one of the following options:
    Note: You have to establish the connection only when connecting for the first time.
  • For EWS OAuth authentication, the Client ID and Tenant ID fields are mandatory to establish the connection to the server. The interface displays these fields as optional because they can be skipped for Basic Authentication. The recommended practice is to use OAuth Authentication for enhanced security.
  • If you are connecting to the EWS OAuth server for first time, enter the value for the Client ID and Tenant ID in plain text.

    For subsequent connections, you can also use custom variables for the client and tenant IDs.

  • EWS connection process will stop with timeout error if the OAuth authentication takes more than 2 minutes.

Procedure

  1. Go to Tools > Options > Emails Settings, and select EWS as the outgoing mail server. You can also set it from Email Automation command or, Trigger manager.
  2. In the Client ID and Tenant ID fields, enter the unique client and tenant IDs generated when you registered the application in the Microsoft Azure portal.
  3. Click Connect to sign into your account, accept the permissions requested to authenticate, and establish a connection with the EWS OAuth server. When the requested permissions are accepted the access token will be acquired with the scope EWS.AccessAsUser.All