Configure OAuth for Microsoft SMTP Inbound Email Server

You can use a Microsoft SMTP email server for inbound email. To complete this process, you'll need help from your Account Representative and access to both your Microsoft server and NiCE CXone.

See the Microsoft documentation for details or further help with the configuration process.

Requirements:

  • An active Azure subscription and account.

  • Your Azure account must have Application Developer permissions.

  • An existing workforce or external tenant. You can use your Default Directory.

Complete each of these tasks in the order given.

Create an App Registration in Microsoft Entra

  1. Sign in to Microsoft Entra. If you have multiple tenants, click Settings to select the tenant you want to register.

  2. In the left menu, go to Manage > App registrations and click New registration.

  3. Enter a meaningful Name. Others can see this name. You can update it any time. You can have multiple app registrations with the same name.

  4. Under Supported account types, select who can use the application. For example, Single tenant only - Nice CXOne.

  5. Click Register.

  6. In the Overview page, copy the Application (client) ID and Directory (tenant) ID and store those values in a secure location. You will need to enter this information in NiCE CXone in a later step.

Configure API Permissions

  1. From the Overview page of your app registration, under Manage, click API permissions.

  2. Under Configured permissions, click Add a permission.

  3. Under Microsoft APIs, select Microsoft Graph.

  4. Click Application Permissions.

  5. Open the Mail drop-down and select Mail.Read.

  6. Click Add permissions.

  7. Select Grant admin consent for <tenant name>, then select Yes. It may take up to 30 minutes for Microsoft 365 to receive these permission changes from Microsoft Entra.

Limit Access to Mailboxes

By default, the steps above grant the app registration access to send and receive emails through any mailbox. You can limit its access to specific mailboxes. Follow these steps to create a mail-enabled security group in Microsoft Exchange admin center. Assign the app registration and specific mailboxes to that security group.
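The same scoping can be done from Exchange Online PowerShell with an application access policy. This is an added example, not part of the vendor procedure; the client ID is a placeholder, and the group address and the hr@classics.com mailbox are constructed sample values.

```powershell
# Added example, not vendor code. Requires the ExchangeOnlineManagement module
# and an Exchange administrator sign-in. All values below are placeholders.
$AppId      = '00000000-0000-0000-0000-000000000000'  # placeholder: Application (client) ID
$GroupSmtp  = 'cxone-inbound-scope@classics.com'      # constructed group address
$Allowed    = @('support@classics.com')               # mailboxes the app may access
$NotAllowed = 'hr@classics.com'                       # constructed mailbox for the negative check

Connect-ExchangeOnline

# Mail-enabled security group: its members are the only mailboxes in scope.
New-DistributionGroup -Name 'CXone inbound mailboxes' -Type Security `
    -PrimarySmtpAddress $GroupSmtp -Members $Allowed | Out-Null

# Bind the app registration to the group. RestrictAccess means the app can
# reach only mailboxes that are members of the group.
New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupSmtp `
    -AccessRight RestrictAccess `
    -Description 'Restrict CXone inbound mail app to scoped mailboxes' | Out-Null

# Check both directions: in-scope mailboxes should be granted, others denied.
foreach ($mbx in ($Allowed + $NotAllowed)) {
    $result = Test-ApplicationAccessPolicy -Identity $mbx -AppId $AppId
    '{0,-32} {1}' -f $mbx, $result.AccessCheckResult
}
```

Policy changes can take time to reach Microsoft Graph, so the result from the test cmdlet may precede actual enforcement.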

Create Client Certificate Credentials

Microsoft recommends an X.509 self-signed certificate for authentication. This is the most secure method. Use the PowerShell script linked below to create:

  • A Certificate Enrollment Request (CER) file to upload to Microsoft Entra admin center.

  • A Personal Information Exchange (PFX) file to upload to NiCE CXone.

  1. Download this PowerShell script.

  2. Open the script in PowerShell.

  3. Change the [String] $CertName parameter to the certificate name you want to use.

  4. Change the [String] $Password parameter to the password you want to use. Store it in a secure location.

  5. Run the script.
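For reference, a script that produces the same two files can be written with the built-in Windows certificate cmdlets. This is an added example, not the script linked above; the parameter names mirror the ones the steps mention, while the output folder, key size and validity period are assumptions.

```powershell
# Added example, not the vendor's script. $OutDir, $ValidMonths, the key size
# and the hash algorithm are assumptions chosen for illustration.
param(
    [Parameter(Mandatory)] [String] $CertName,   # e.g. cxone-inbound-mail
    [Parameter(Mandatory)] [String] $Password,   # protects the PFX private key
    [String] $OutDir      = (Get-Location).Path,
    [int]    $ValidMonths = 12
)

# Create the key pair and self-signed certificate in the current user's store.
$cert = New-SelfSignedCertificate `
    -Subject "CN=$CertName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyAlgorithm RSA -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddMonths($ValidMonths)

$cerPath = Join-Path $OutDir "$CertName.cer"
$pfxPath = Join-Path $OutDir "$CertName.pfx"

# CER: public certificate only. This is the file uploaded to Microsoft Entra.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# PFX: certificate plus private key, encrypted with the password.
# This is the file uploaded to NiCE CXone.
$secure = ConvertTo-SecureString -String $Password -AsPlainText -Force
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $secure | Out-Null

# Remove the certificate and its key from the local store so the only copy of
# the private key is the password-protected PFX.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

# Record the thumbprint and expiry: compare the thumbprint with the one Entra
# shows after upload, and schedule rotation before NotAfter.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}
```

Once the PFX has been uploaded and authorized, delete the local copy or move it to a secrets vault, since anyone holding the PFX and its password can authenticate as the app registration.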

Add Credentials to App Registration in Microsoft Entra

Next, you must add the generated credentials to the app registration you created in Microsoft Entra. This adds the public key to the app registration so it can validate the service when it connects to Graph.

  1. Sign in to Microsoft Entra.

  2. Go to Manage > App registrations.

  3. Select the app registration you created previously.

  4. Under Client credentials, click Add a certificate or secret.

  5. Click Certificates > Upload Certificate.

  6. Upload the CER file you generated previously. Enter a Description and click Add.

Once you've completed these steps, your Account Representative must create a new OAuth-enabled SMTP Configuration for you in Cloud Email tools. They must complete the necessary configurations on their end before you can continue.

Enter Your Server Credentials in NiCE CXone

  1. Click the app selector and select ACD.
  2. Go to Digital > Points of Contact Digital.
  3. Click CXone Email.
  4. Click Advanced Settings. If you do not use a Microsoft SMTP mail server, this button is visible but the following screen is blank.
  5. Select the Inbound tab.
  6. Click Details next to the SMTP configuration your Account Representative created.
  7. Enter the Tenant Id and Client Id of the app registration you created.
  8. Next to Authentication Method, select Client Certificate.
  9. Upload the PFX file you generated previously.
  10. Enter the Password you set in the [String] $Password parameter in the PowerShell script.
  11. Click Authorize. A success message appears.

  12. Repeat these steps for each email domain or business unit you use.

Create Subscription and Channel

Create a new subscription to the mailbox you want emails to be delivered to.

  1. In ACD > Digital > Points of Contact Digital > CXone Email, click Advanced Settings.

  2. Select the Inbound tab.
  3. Click Subscriptions next to the SMTP configuration you authorized.

  4. In New Subscription Mailbox Address, enter the mailbox address, including the domain. For example, support@classics.com.

  5. Click Subscribe. A check mark appears in the Active column.

  6. Create a CXone email channel. Make sure the Inbound Configuration matches the New Subscription Mailbox Address you entered in the subscription.

  7. Create a digital skill.

  8. Repeat these steps for each email domain or business unit you use.

  9. Send a test email to confirm it works.
