What Service Provider do I select for connecting to Microsoft Exchange Online using OAuth 2.0 and POP3?

Still need help?

The Atlassian Community is here for you.

Ask the community



Platform notice: Server and Data Center only. This article only applies to Atlassian products on the server and data center platforms.

Purpose

Microsoft Exchange Online is deprecating basic authentication according to the information in their Exchange Team Blog

Jira has been supporting OAuth with IMAP but has recently included the same support for POP3 and SMTP (for outgoing mail). 

OAuth 2.0 support for POP3 mailboxes has been added to the following Jira versions: 8.5.12, 8.13.4, and 8.15.0.

OAuth 2.0 support for Microsoft SMTP outgoing mail has appeared in Jira 9.2.0 and will be available in the next versions.

Solution

Since POP3 for Microsoft Exchange Online isn’t listed as an option for a service provider setting, you should select Microsoft Exchange Online / Outlook (IMAP) in your incoming mail server configuration.

To create the working configuration, you should

  1. Add Microsoft as a new integration for OAuth 2.0 in Jira

  2. Generate a correct OAuth 2.0 key and secret in Azure

  3. Complete the incoming mail server configuration in Jira with the new server

To complete these steps, follow the instructions in this document.

Add Microsoft as a new OAuth 2.0 integration

To add Microsoft as a new integration for OAuth 2.0, check the Jira version you’re using and follow the corresponding instructions.

Jira 8.22 and newer

Follow the instructions on configuring an outgoing link

Jira 8.21 and older

  1. Go to Administration > System > OAuth 2.0.

  2. Select Add new integration.

  3. In the Service Provider field, select Microsoft.

  4. In the Redirect URL field, select Copy.

  5. Generate an OAuth key and secret in Azure and go back to Jira. See the following instructions.

Learn more about Jira integration with OAuth 2.0

Generate an OAuth 2.0 key and secret in Azure

The following are common high-level steps for setting up the OAuth 2.0 application and related parameters in Azure. Please reach out to your MSFT administrator or their documentation and support if you need additional assistance or have questions. The work in Azure is outside of Jira’s support scope. However, to better assist our customers we created this detailed guide

To get an OAuth key and secret in Azure:

  1. Login to https://portal.azure.com/.

  2. Select App registrations.

  3. Select New registration.

  4. Enter a friendly, easy-to-identify name.

  5. Under Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

  6. Under Redirect URI, select Web and insert the URL retrieved previously

  7. Select Register.

  8. Select API permissions.

  9. Select Add a permission.

  10. Select Microsoft Graph.

  11. Select Delegated permissions.

  12. Select the following permissions:

    1. OpenId permissions: offline_access

    2. IMAP: IMAP.AccessAsUser.All

    3. POP: POP.AccessAsUser.All

  13. Select Add permissions.

  14. Select Grant admin consent for.

  15. In the left menu, select Certificates & secrets.

  16. Select New client secret.

  17. Enter a description and select an expiration date.

  18. Save the generated Value. You’ll use it as the Client secret in Jira. You’ll see the Value only once.

  19. Select Overview.

  20. Save the Application (client) ID. You’ll use it as the Client ID in Jira.

  21. Go back to Jira and complete the configuration by inserting the following details:

    1. Client ID from step 20

    2. Client secret from step 18

    3. Scopes: "https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All" and "offline_access"

  22. Select Save.

  23. Test the connection.

If the connection is successful, proceed with the following steps.

Optionally, check the Microsoft doc on how to get the Client ID and secret.

Complete the OAuth configuration in Jira

To complete the OAuth 2.0 configuration, on your Jira instance:

  1. Go to Administration > System.

  2. Under Mail, select Incoming mail.

  3. In the Mail servers section, select Add mail server.

  4. In the Service Provider field, select Microsoft Exchange Online / Outlook (IMAP) even though you are using a POP3 account.

  5. In the Username field, insert the email address used by Jira.

  6. In the Authentication method field, select the newly created server.    

  7. Select Authorize and log in to Microsoft using the user account that is associated with the mailbox being configured. 

  8. Select Test Connection to ensure that it’s successful.

  9. Select Save.





Last modified on Oct 26, 2022

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.