How to Setup SMTP and IMAP email accounts via OAuth 2.0 Authentication on ServiceNow using MS O365


We recently completed a task to set up SMTP and IMAP email accounts via OAuth 2.0 authentication on ServiceNow using MS O365. We also published this article in the ServiceNow community section. These are the steps we followed:


Steps:

1. Install the plugin "Email - OAuth support for IMAP and SMTP".

2. Contact the O365 admin and have them perform the following:

a. Register OAuth Authentication.

b. Create certificates and permissions on the mailbox to generate the Application ID, Client secret ID, and Client ID and Value (the admin will provide all of these).

c. Create API scopes on MS Graph.

3. Configure the OAuth entity (Application Registry) on ServiceNow.

Map the shared details as follows:

Client ID == Application ID

Client Secret == Value

Authorization URL: https://login.microsoftonline.com/[Azure Tenant ID]/oauth2/v2.0/authorize

Token URL: https://login.microsoftonline.com/[Azure Tenant ID]/oauth2/v2.0/token

Redirect URL: {Instance_URL}/oauth_redirect.do


4. Create OAuth Entity Profile Scopes as below and map the OAuth Entity.


a. OAuth scope: "https://outlook.office.com/IMAP.AccessAsUser.All"

b. OAuth scope: "https://outlook.office.com/SMTP.Send"

c. OAuth scope: "offline_access"

5. This should create the OAuth Entity Profile; make sure the OAuth Entity Profile also has the above scopes mapped.


6. Create an email account: select type SMTP and use connection security STARTTLS (this is for sending email).


7. Create an email account: select type IMAP and use connection security SSL/TLS (this is for receiving email).



8. Before clicking "Authorize Email account access", open a browser in incognito mode and then apply. This should open an MS SSO window where you enter the credentials of the mailbox you are trying to authorize.

Note: If you skip this, or if authentication passes without an MS SSO window appearing, your own account has been validated instead of the mailbox.

9. Once your mailbox account is validated with MS, your tokens will be refreshed.

10. In case of any errors, you can grant permissions to the mailbox, validate email diagnostics, and check whether the sender and reader jobs are running properly.

Note: Regarding SMTP: once configured, you must use your mailbox when authorizing access; it is better to use incognito mode. This allows you to enter the mailbox credentials and create the authentication.


For IMAP: Follow the above, and also check whether the mailbox has the IMAP scope set up. Get the O365 admin to validate and enable the IMAP scope; this should fix receiving issues, as the email reader will start reading emails from your mailbox.
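The wrong-account pitfall from step 8 and the missing IMAP scope described above can both be confirmed by reading the claims of an access token issued for the same app registration. The following is an added example, not part of the original article or ServiceNow's code. It assumes you have a copy of such a token, that it is a JWT carrying `upn` or `preferred_username` and `scp` claims, and it does not verify the signature; the function names and sample addresses are hypothetical.

```python
import base64
import json

REQUIRED_SCOPES = {"IMAP.AccessAsUser.All", "SMTP.Send"}  # scopes from step 4

def decode_claims(jwt):
    """Return the payload claims of a JWT without verifying its signature (diagnostic use only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_mailbox_token(jwt, mailbox):
    """List problems found in a token meant for `mailbox`; an empty list means it looks right."""
    claims = decode_claims(jwt)
    problems = []
    # Assumption: the signed-in identity is carried in `upn` or `preferred_username`.
    user = claims.get("upn") or claims.get("preferred_username") or ""
    if user.lower() != mailbox.lower():
        problems.append(f"token issued to {user or 'unknown user'}, not {mailbox}")
    granted = set(claims.get("scp", "").split())  # delegated scopes, space separated
    for scope in sorted(REQUIRED_SCOPES - granted):
        problems.append(f"missing scope {scope}")
    return problems

def sample_token(claims):
    """Build an unsigned, constructed JWT for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    # Constructed samples: authorization done with the admin's own session,
    # and a mailbox token that lacks the IMAP scope.
    wrong_user = sample_token({"upn": "admin@example.com",
                               "scp": "IMAP.AccessAsUser.All SMTP.Send"})
    no_imap = sample_token({"upn": "servicedesk@example.com", "scp": "SMTP.Send"})
    for token in (wrong_user, no_imap):
        print(check_mailbox_token(token, "servicedesk@example.com") or "OK")
```
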


We do have a KB article, #KB0816072, for reference; however, it does not provide clear details on how to set this up correctly.
