Need

Since January 2023, Microsoft no longer allows simple authentication (user/password method) for connections to Outlook IMAP and POP servers.
It is now required to use "modern" authentication, specifically OAuth2.
Since xDI 5.3.9, it is possible to define such a mechanism, based on token generation, to connect to Outlook Outgoing Server and/or Incoming Account.


Summarized Solution

To connect to Outlook servers using OAuth2 from xDI we will:

  • review how to configure Azure Portal to declare an Application (Semarchy-xDI) that will be authorized to authenticate with OAuth2 and use IMAP/POP,

  • show how to create an HTTP Security metadata for OAuth2,

  • define an Outlook Metadata.


Detailed Solution


  How to configure Azure Portal to declare an Application (xDI)

  1. Connect to the Azure Portal and look for the App Registrations

  2. Click New Registration

  3. Give a name for the Application, for example "Semarchy-xDI", and complete the required information to match your organization policy, then click on Register

  4. Select API Permissions

  5. Choose Add a Permission / Microsoft Graph / Delegated Permissions and add the following list of permissions:

       • Mail.Read

       • Mail.Send

       • offline_access

       • openid

       • SMTP.Send

       • User.Read

  6. Go to Authentication / Add a Platform and configure URLs with https://localhost, and check both tokens.

  7. Go to Certificates and Secrets and add a Client Secret. Note the values in a safe place.

  8. Go to Overview and note the values of "Application (client) ID" and "Directory (tenant) ID"

Create an HTTP Security metadata for OAuth2

Define Outlook Metadata

Depending on the protocol:

  • For Incoming Account node (IMAP protocol)

mail.imap.sasl.mechanisms=XOAUTH2

mail.imap.auth.xoauth2.disable=false

mail.imap.auth.login.disable=true

mail.imap.auth.plain.disable=true

  • For Incoming Account node (POP3 protocol)

mail.pop3.sasl.mechanisms=XOAUTH2

mail.pop3.auth.xoauth2.disable=false

mail.pop3.auth.login.disable=true

mail.pop3.auth.plain.disable=true

  • For Outgoing Server node (SMTP protocol)

mail.smtp.auth.mechanisms=XOAUTH2

mail.smtp.auth.login.disable=true

mail.smtp.auth.plain.disable=true
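With these properties the mail session sends the OAuth2 access token to the server as a SASL XOAUTH2 response. The Python sketch below is an added example, not xDI or Semarchy code. It builds and parses that response so the exchange can be checked, and redacts the token before anything is logged. The mailbox, the token and the function names are constructed for illustration.

```python
import base64

def build_xoauth2(user: str, access_token: str) -> str:
    """Return the base64 SASL XOAUTH2 initial client response."""
    if not user or not access_token:
        raise ValueError("user and access token are both required")
    # 0x01 separates fields; a stray one would let a value inject a field.
    if "\x01" in user or "\x01" in access_token:
        raise ValueError("control character 0x01 not allowed in fields")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def parse_xoauth2(encoded: str) -> dict:
    """Decode a response into its fields; raise ValueError if malformed."""
    raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    if not raw.endswith("\x01\x01"):
        raise ValueError("missing terminating 0x01 0x01")
    fields = {}
    for part in raw[:-2].split("\x01"):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {part!r}")
        fields[key] = value
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme != "Bearer" or not token or "user" not in fields:
        raise ValueError("expected user=... and auth=Bearer <token>")
    return {"user": fields["user"], "token": token}

def redact(encoded: str) -> str:
    """Safe-to-log form: keeps the user, hides the bearer token."""
    f = parse_xoauth2(encoded)
    return f"user={f['user']} auth=Bearer <{len(f['token'])} chars redacted>"

# Constructed sample values (not a real mailbox or token).
SAMPLE_USER = "integration@example.com"
SAMPLE_TOKEN = "eyJ0eXAi.constructed.token"

if __name__ == "__main__":
    resp = build_xoauth2(SAMPLE_USER, SAMPLE_TOKEN)
    print(resp)          # value sent with the XOAUTH2 mechanism
    print(redact(resp))  # what may safely appear in a log
```

The encoded response is a bearer credential for the mailbox until the token expires, so mail debug traces that contain it need the same protection as the Client Secret.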

Refer to the documentation for more information.