Configure OAuth for Microsoft SMTP Outbound Email Server

You can use a Microsoft SMTP email server for outbound email. To complete this process, you'll need help from your Account Representative and access to both your Microsoft server and NiCE CXone.

See the Microsoft documentation Icon of a square with an arrow pointing out from the top right corner for details or further help with the configuration process.

Requirements:

  • An active Azure subscription and account.

  • Your Azure account must have Application Developer permissions.

  • An existing workforce or external tenant. You can use your Default Directory.

Complete each of these tasks in the order given.

Create an App Registration in Microsoft Entra

  1. Sign in to Microsoft Entra Icon of a square with an arrow pointing out from the top right corner. If you have multiple tenants, click Settings to select the tenant you want to register.

  2. In the left menu, go to Manage > App registrations and click New registration.

  3. Enter a meaningful Name. Others can see this name. You can update it any time. You can have multiple app registrations with the same name.

  4. Under Supported account types, select who can use the application. For example, Single tenant only - Nice CXOne.

  5. Enter the Redirect URI for your region.

    Region URIs
    Asia

    • Japan - Tokyo: https://staticfiles.niceincontact.com/dfo-channels-email-ui/jp1/returned.html

    • Japan - Osaka: https://staticfiles.niceincontact.com/dfo-channels-email-ui/jo1/returned.html

    • Korea: https://staticfiles.niceincontact.com/dfo-channels-email-ui/kr1/returned.html

    • UAE: https://staticfiles.niceincontact.com/dfo-channels-email-ui/ae1/returned.html
    Australia

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/au1/returned.html

    • AU2 Sovereign: https://staticfiles.nicecxone-sov1.au/dfo-channels-email-ui/au2/returned.html
    Canada

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/ca1/returned.html

    Europe

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/eu1/returned.html

    • EU2 Sovereign Cloud: https://staticfiles.nicecxone-sov1.eu/dfo-channels-email-ui/eu2/returned.html

    • EU3 Sovereign Cloud: https://staticfiles.nicecxone-sov1.eu/dfo-channels-email-ui/eu3/returned.html
    South Africa

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/za1/returned.html

    United Kingdom

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/uk1/returned.html

    • UK2 Sovereign: https://staticfiles.nicecxone-sov1.uk/dfo-channels-email-ui/uk2/returned.html
    United States

    • https://staticfiles.niceincontact.com/dfo-channels-email-ui/na1/returned.html

    • FedRAMP: https://staticfiles-frm.niceincontact.com/dfo-channels-email-ui/na2/returned.html

  6. Click Register.

  7. In the Overview page, copy the Application (client) ID and Directory (tenant) ID and store those values in a secure location. You will need to enter this information in NiCE CXone in a later step.

  8. Create a client secret.

    1. Click Add a certificate or secret on the application registration overview page.

    2. Click the Client Secrets tab.

    3. Click New client secret.

    4. Enter a Description.

    5. In Expires, select the expiration time.

    6. Click Add.

    7. Copy the Value and store it in a secure location. You will not be able to access it here later. If you lose the value, create a new client secret.

Configure API Permissions

  1. From the Overview page of your app registration, under Manage, click API permissions.

  2. Under Configured permissions, click Add a permission.

  3. Under Microsoft APIs, select Microsoft Graph.

  4. Click Application Permissions.

  5. Open the Mail drop-down and select Mail.Send.

  6. Click Add permissions.

  7. Select Grant admin consent for < tenant name >, then select Yes. It may take up to 30 minutes for Microsoft 365 to receive these permission changes from Microsoft Entra.

Select User Mailboxes

Next, choose a user to associate with the connection. You can select an administrator or regular user. Also, select one or more mailboxes to send emails over SMTP. These correspond to the channels you create in NiCE CXone.

  1. Sign in to Microsoft 365 admin center.

  2. Go to Users > Active users.

  3. Select the user you want to associate with the connection. Copy their full email address and store it in a secure location.

  4. Select the user with the email address you want to use to send or receive emails.

    1. Copy that full email address and store it in a secure location.

    2. Click the Mail tab.

    3. Under Mailbox permissions, click Send as permissions.

    4. Click Add permissions.

    5. Select the email address you chose in step 3. This allows the user with that address to send or receive emails on behalf of this mailbox.

Enter Your Server Credentials in NiCE CXone

  1. Click the app selector icon of app selector and select ACD.
  2. Go to Digital > Points of Contact Digital.
  3. Click CXone Email.
  4. Click Advanced Settings. If you do not use a Microsoft SMTP mail server, this button is visible but the following screen is blank.
  5. Select the Outbound tab.
  6. Click Details next to the SMTP configuration your Account Representative created.
  7. Enter the Tenant Id and Client Id of the app registration you created.
  8. Enter the Client Secret.

  9. Click Authorize. You are routed to Microsoft to authorize NiCE CXone to consume your SMTP resources. The account you use to authorize should be a dedicated service or admin account, not a personal employee account. Log in to Microsoft authentication as that user. Enter the reason for the request and click Request approval. If authorization fails, check your Tenant Id and Client Id.

  10. Repeat these steps for each email domain or business unitClosed High-level organizational grouping used to manage technical support, billing, and global settings for your NiCE CXone system. you use.

Approve Access

  1. Sign in to Microsoft Entra Icon of a square with an arrow pointing out from the top right corner.

  2. Go to Manage > Enterprise applications > Admin consent requests.

  3. Select the pending request you just submitted.

  4. Confirm the details, including the Reply URL, and click Review permissions and consent.

  5. Log in to Microsoft using an admin account.

  6. Accept the request.

  7. Return to NiCE CXone. An error message saying "Response was not successful" appears. This is expected. Click OK. If necessary, you can close the tab.

  8. Click Authorize. A success message appears.

Once you've completed these steps, your Account Representative must create a new OAuth-based SMTP Configuration for you in Cloud Email tools. They can then add a new domain or migrate existing domains to the new configuration.

Any social media, social networking, and other technology sites, applications, or products referenced in this topic are the property of their respective owners.