Configure your email channel for OAuth with Microsoft Office 365
Stay organized with collections
Save and categorize content based on your preferences.
This document shows you how to configure a Contact Center AI Platform (CCAI Platform) email channel
to support Microsoft OAuth.
Prerequisites
An Azure account
with an active subscription. The account needs to have Microsoft Entra
management access, so it must be configured as one of the following roles:
Application administrator
Application developer
Cloud application administrator
A Microsoft Entra tenant. See the
Microsoft quickstart guide
for instructions about how to create a tenant.
Make sure the email account allows IMAP & SMTP
CCAI Platform uses IMAP and SMTP to send and receive email from
Microsoft. Because a Microsoft account can be connected to different programs,
it is important to ensure that IMAP or SMTP is not blocked by any other
secondary programs. The following steps walk you through some common places to
check in Microsoft.
Go to Users > Active users in the left navigation panel.
Select a user to verify.
Click Mail. If you see "This user doesn't have an Exchange Online
license", then you need to give the user a proper license to use Exchange.
Without a proper license CCAI Platform won't be able to send or
receive emails for this user account.
After a proper license is added, select Manage email apps under the
Mail tab. Ensure that IMAP and Authenticated SMTP are checked.
Click Save.
Go to Mailboxes on the left navigation panel.
Select the user account you want to check.
Under the General tab, select Manage email apps settings. Ensure that
the IMAP toggle is enabled.
Register an application
Sign in to the Microsoft Entra administrator center. If you have multiple tenants,
use the Directories + Subscriptions filter to switch to the correct
tenant.
Go to Identity > Applications > App registrations > New registration.
Enter an identifiable display Name. Multiple app registrations can share the
same name. The client ID is what the program uses to identify the app.
However, because users of the program can see the name you've created, it
might expedite registration to giving it a unique name.
Specify the account type that can use the application, or sign-in audience.
Several account types are supported:
Accounts in this organizational directory only: Select this option if
you're building an application for use only by users (or guests) in a
single tenant. This is sometimes referred to as a line of business (LOB)
application.
Accounts in any organizational directory: Select this option if you
want users in any tenant to be able to use this application. This option
is preferable for multi-tenant configurations.
Accounts in any organizational directory and personal Microsoft
accounts: Select this option if you want users in any tenant to be able
to use this application, as well as users who have personal Microsoft
accounts.
Personal Microsoft accounts: Select this option if you only want to
create an application for users who have personal Microsoft accounts.
Includes Microsoft, Skype, Xbox, Live, and Hotmail accounts.
For Redirect URI, select Web and enter
https://{tenant}.ccaiplatform.com/v1/email_accounts/oauth_callback. Replace
{tenant}` with your CCAI Platform tenant name.
Click Register to complete the initial app registration.
After registration is complete, you will see the Overview screen. Note the
following information, which you will need when you complete the process in
CCAI Platform:
Application (client) ID
Directory (tenant) ID
Enable the application
Sign in to the Microsoft Entra administrator center.
Go to Identity > Applications > Enterprise Applications and select the
app.
Go to Properties.
Toggle Visible to users? to Yes.
Add application credentials
Create a client secret for use on the CCAI Platform platform.
Sign in to the Microsoft Entra administrator center.
Go to Identity > Applications > App registrations and select the app.
Go to Certificates & secrets > Client secrets > New client secret. This
will open a panel for you to name the secret.
Add a description for the client secret.
Select an expiration date for the secret, or specify a custom lifetime.
Client secret lifetime is limited to two years (24 months) or less, however
Microsoft recommends setting an expiration value of less than 12 months.
Click Add. Make a note of the secret's value. You will need it to
complete the process in CCAI Platform.
Add API permissions
The Graph API enables access tokens to work with IMAP, required for the
CCAI Platform email channel's operation.
Sign in to the Microsoft Entra administrator center.
Go to Identity > Applications > App registrations and select the app.
Select API permissions > Add a permission.
Select Microsoft Graph.
Select Delegated permissions. Use the Select permissions search bar
to perform the following searches and check the boxes next to proper
results:
IMAP: Check IMAP.AccessAsUser.All
offline: Check offline_access
openid: Check openid
smtp: SMTP.Send
Click Add permissions.
Add credentials to CCAI Platform
After the Microsoft setup is complete, use the information from the setup
process to complete the connection between the two programs in
CCAI Platform. Go to Settings > Email Account Management > Email
SO and enter the following information:
Access Type: leave empty.
Authorization URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize.
{tenant_id} is the Directory (tenant) ID from the Microsoft app.
Token URL: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token.
{tenant_id} is the Directory (tenant) ID from the Microsoft app.
Client ID: The Application (client) ID from the Microsoft app.
Client Secret: The Client Secret value from the Microsoft app.
Scope: Enter the following values. They don't need to be comma-separated but
they must all be present.
openid email offline_access
https://outlook.office.com/IMAP.AccessAsUser.All
https://outlook.office.com/SMTP.Send
State: leave empty.
Access Type: leave empty.
Grant Type: Authorization Code
Clear "Include the Grant Type as part of the Authorization URL and Token URL."
Check "Include the Redirect URL as part of the Authorization URL and Token URL."
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis document guides users through configuring a Contact Center AI Platform (CCAI Platform) email channel to work with Microsoft OAuth for supported CRMs such as Salesforce, Zendesk, Kustomer, and Custom CRMs.\u003c/p\u003e\n"],["\u003cp\u003eUsers must have an active Azure account with Microsoft Entra management access and a Microsoft Entra tenant to begin setting up their email channel with CCAI Platform.\u003c/p\u003e\n"],["\u003cp\u003eTo enable email functionality, users need to ensure that IMAP and Authenticated SMTP are enabled for the Microsoft account, and that the user has an Exchange Online license.\u003c/p\u003e\n"],["\u003cp\u003eSetting up the application requires registering it in the Microsoft Entra admin center, specifying the account type, setting the Redirect URI, and noting down the Application (client) ID and Directory (tenant) ID.\u003c/p\u003e\n"],["\u003cp\u003eKey steps for application configuration include enabling the application, generating a client secret, adding necessary API permissions (IMAP, offline, openid, SMTP), and finally entering the provided information into the CCAI Platform settings to complete the connection.\u003c/p\u003e\n"]]],[],null,["# Configure your email channel for OAuth with Microsoft Office 365\n\nThis document shows you how to configure a Contact Center AI Platform (CCAI Platform) email channel\nto support Microsoft OAuth.\n| **Note:** Email channel is only available for Salesforce, Zendesk, Kustomer, and Custom CRMs.\n\nPrerequisites\n-------------\n\n1. An [Azure account](https://azure.microsoft.com/en-us/free/?WT.mc_id=A261C142F)\n with an active subscription. The account needs to have Microsoft Entra\n management access, so it must be configured as one of the following roles:\n\n - Application administrator\n - Application developer\n - Cloud application administrator\n2. A Microsoft Entra tenant. See the\n [Microsoft quickstart guide](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-create-new-tenant)\n for instructions about how to create a tenant.\n\nMake sure the email account allows IMAP \\& SMTP\n-----------------------------------------------\n\nCCAI Platform uses IMAP and SMTP to send and receive email from\nMicrosoft. Because a Microsoft account can be connected to different programs,\nit is important to ensure that IMAP or SMTP is not blocked by any other\nsecondary programs. The following steps walk you through some common places to\ncheck in Microsoft.\n\n1. Go to **Users \\\u003e Active** users in the left navigation panel.\n\n2. Select a user to verify.\n\n3. Click **Mail**. If you see \"This user doesn't have an Exchange Online\n license\", then you need to give the user a proper license to use Exchange.\n Without a proper license CCAI Platform won't be able to send or\n receive emails for this user account.\n\n4. After a proper license is added, select **Manage email apps** under the\n *Mail* tab. Ensure that IMAP and Authenticated SMTP are checked.\n\n5. Click **Save**.\n\n6. Go to **Mailboxes** on the left navigation panel.\n\n7. Select the user account you want to check.\n\n8. Under the **General** tab, select **Manage email apps settings**. Ensure that\n the IMAP toggle is enabled.\n\nRegister an application\n-----------------------\n\n1. Sign in to the Microsoft Entra administrator center. If you have multiple tenants,\n use the *Directories + Subscriptions* filter to switch to the correct\n tenant.\n\n2. Go to **Identity \\\u003e Applications \\\u003e App registrations \\\u003e New registration**.\n\n3. Enter an identifiable display Name. Multiple app registrations can share the\n same name. The client ID is what the program uses to identify the app.\n However, because users of the program can see the name you've created, it\n might expedite registration to giving it a unique name.\n\n4. Specify the account type that can use the application, or sign-in audience.\n Several account types are supported:\n\n 1. *Accounts in this organizational directory only*: Select this option if\n you're building an application for use only by users (or guests) in a\n single tenant. This is sometimes referred to as a line of business (LOB)\n application.\n\n 2. *Accounts in any organizational directory*: Select this option if you\n want users in any tenant to be able to use this application. This option\n is preferable for multi-tenant configurations.\n\n 3. *Accounts in any organizational directory and personal Microsoft\n accounts*: Select this option if you want users in any tenant to be able\n to use this application, as well as users who have personal Microsoft\n accounts.\n\n 4. *Personal Microsoft accounts*: Select this option if you only want to\n create an application for users who have personal Microsoft accounts.\n Includes Microsoft, Skype, Xbox, Live, and Hotmail accounts.\n\n5. For **Redirect URI** , select **Web** and enter\n `https://{tenant}.ccaiplatform.com/v1/email_accounts/oauth_callback`. Replace\n `{tenant}`\\` with your CCAI Platform tenant name.\n\n6. Click **Register** to complete the initial app registration.\n\n7. After registration is complete, you will see the *Overview* screen. Note the\n following information, which you will need when you complete the process in\n CCAI Platform:\n\n - Application (client) ID\n - Directory (tenant) ID\n\nEnable the application\n----------------------\n\n1. Sign in to the Microsoft Entra administrator center.\n\n2. Go to **Identity \\\u003e Applications \\\u003e Enterprise Applications** and select the\n app.\n\n3. Go to **Properties**.\n\n4. Toggle *Visible to users?* to **Yes**.\n\nAdd application credentials\n---------------------------\n\nCreate a client secret for use on the CCAI Platform platform.\n\n1. Sign in to the Microsoft Entra administrator center.\n\n2. Go to **Identity \\\u003e Applications \\\u003e App registrations** and select the app.\n\n3. Go to **Certificates \\& secrets \\\u003e Client secrets \\\u003e New client secret**. This\n will open a panel for you to name the secret.\n\n4. Add a description for the client secret.\n\n5. Select an expiration date for the secret, or specify a custom lifetime.\n Client secret lifetime is limited to two years (24 months) or less, however\n Microsoft recommends setting an expiration value of less than 12 months.\n\n6. Click **Add**. Make a note of the secret's value. You will need it to\n complete the process in CCAI Platform.\n\nAdd API permissions\n-------------------\n\nThe Graph API enables access tokens to work with IMAP, required for the\nCCAI Platform email channel's operation.\n\n1. Sign in to the Microsoft Entra administrator center.\n\n2. Go to **Identity \\\u003e Applications \\\u003e App registrations** and select the app.\n\n3. Select **API permissions \\\u003e Add a permission**.\n\n4. Select **Microsoft Graph**.\n\n5. Select **Delegated permissions** . Use the **Select permissions** search bar\n to perform the following searches and check the boxes next to proper\n results:\n\n - IMAP: Check `IMAP.AccessAsUser.All`\n - `offline`: Check `offline_access`\n - `openid`: Check `openid`\n - `smtp`: `SMTP.Send`\n6. Click `Add permissions`.\n\nAdd credentials to CCAI Platform\n--------------------------------\n\nAfter the Microsoft setup is complete, use the information from the setup\nprocess to complete the connection between the two programs in\nCCAI Platform. Go to **Settings \\\u003e Email Account Management \\\u003e Email\nSO** and enter the following information:\n\n*Access Type*: leave empty.\n\n*Authorization URL* : `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize`.\n`{tenant_id}` is the Directory (tenant) ID from the Microsoft app.\n\n*Token URL* : `https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token`.\n`{tenant_id}` is the Directory (tenant) ID from the Microsoft app.\n\n*Client ID*: The Application (client) ID from the Microsoft app.\n\n*Client Secret*: The Client Secret value from the Microsoft app.\n\n*Scope*: Enter the following values. They don't need to be comma-separated but\nthey must all be present.\n\n- `openid email offline_access`\n- `https://outlook.office.com/IMAP.AccessAsUser.All`\n- `https://outlook.office.com/SMTP.Send`\n\n*State*: leave empty.\n\n*Access Type*: leave empty.\n\n*Grant Type*: Authorization Code\n\nClear \"Include the Grant Type as part of the Authorization URL and Token URL.\"\n\nCheck \"Include the Redirect URL as part of the Authorization URL and Token URL.\"\n\nClick **Save**."]]