OAuth2 Support

Before configuring OAuth2 support for receiving and sending email in OTRS CE, you need to enable IMAP or POP3 access for your email service and create OAuth2 client credentials. Follow the instructions for the appropriate email service provider:

• Configuring OAuth2 support in Gmail
• Configuring OAuth2 support in Microsoft 365

Creating an OAuth2 Token Configuration

1

Go to the "Admin" screen, and under "Communication & Notifications", select "OAuth2" to open the OAuth2 Configuration Management screen.

2

In the "Actions" sidebar, select the configuration template for your email service provider, and click "Add Configuration".

3

Under "Base configuration", enter a name for the new OAuth2 token configuration, and paste the client ID and client secret values generated by your email service provider.

4

Click "Save".

Requesting the Tokens

1

In the OAuth2 Configuration Management screen, click the "Request new token" button corresponding to the new OAuth2 token configuration.

2

A popup window will appear, allowing you to log in to the email service provider and grant access to the email account to OTRS CE. Follow the instructions in the window to complete the process.

3

Upon completion, the OAuth2 Configuration Management screen will be refreshed and you should see that both the authorization token and refresh token have been retrieved.

Enabling OAuth2 for Incoming Email

This section assumes you have already configured at least one IMAP or POP3 email account to receive email messages in OTRS CE.

1

Go to the "Admin" screen, and under "Communication & Notifications", select "PostMaster Mail Accounts" to open the Mail Account Management screen.

2

Click on the email account which you want to configure to use OAuth2.

3

On the email account details screen, set "Authentication method" to "OAuth2 token", and select the previously created configuration in "OAuth2 token configuration". Then click "Save".

Enabling OAuth2 for Outgoing Email

1

Go to the "Admin" screen, and the "Administration" section, select "System Configuration".

2

In the "Navigation" sidebar, expand the "Core" group and select "Email".

3

Edit the "SendmailModule" setting and select the appropriate SMTP module required by your email service provider (usually either "Kernel::System::SMTPS" or "Kernel::System::SMTPTLS").

4

Fill in the "SendmailModule::AuthUser", "SendmailModule::Host", and "SendmailModule::Port" settings with the values that are required by your email service provider.

5

In the "SendmailModule::AuthenticationMethod" setting, choose "OAuth2 token".

6

In the "SendmailModule::OAuth2TokenConfigName" setting, enter the name of the OAuth2 token configuration that you created earlier for your email service provider.

7

Make sure all edited settings are saved using the button next to each setting.

8

Deploy the changed settings using the "Deployment" button in the "Actions" sidebar.