MAS 9.1 Configuration for SMTP with Office 365 using OAuth 2.0 for sending emails

MAS 9.1 configuration for SMTP server with Office 365 using OAuth 2.0 for sending emails from Maximo.

Microsoft plans to retire Basic Authentication for client connection. So, we need to know the OAuth configuration for sending emails.

Before configuring MAS, gather the following details from Office 365

Parameter	Value
Tenant ID	Used in Token URL 51624263-3eg2-2371-871c-d2176f17d56c
Token URL	https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token for example, https://login.microsoftonline.com/51624263-3eg2-2371-871c-d2176f17d56c/oauth2/v2.0/token
Scope	"offline_access https://outlook.office365.com/IMAP.AccessAsUser.All"
Client ID	Used in OAuth Handler gc2ec841-b89c-3f29-9853-17d034c434f9
Client Secret	Used in OAuth Handler Eow8Q~_jUB3NfevPmA_hhWpWUricBFtDzhaubcCa
Grant Type	refresh_token
Refresh Token	Used in OAuth Handler 1.AUEApSSkgQMdy0ukCtEC8h412ktCgSNmRCJOvKDhF1
redirect_uri	https://hostname/maximo
Email address	Email address having client authorization. It will appear as "Sent from" in Emails.

Configuration steps in MAS 9.1 are as follows. 

OAuth Client

• Open End Points Application, Click on Add/Modify OAuth Clients.
• Add a new End point OAuth Client, using the above information.
• Don't select Access Token persistent? check box - as it will store the data in MAXOAUTHCLIENT table and throw error if the refresh token generated by Microsoft is more than ACCESSTOKEN column length. 

By default, the length of ACCESSTOKEN & REFRESHTOKEN columns are 2000. In real time scenarios, the token of Microsoft and other applications for smtp mail server or E-mail Listenser mailbox configuration is more than 2000 characters. If you plan to use persistent token values, please increase the length of these fields. 

Office365 OAuth Refresh Token Generation 

If the refresh token is expired, we can follow the below link to generate a new one. 

Office365 OAuth Generating a Refresh Token

It's recommended to consult email service provider to know the refresh token lifespan and expiration after inactivity. 

As per the instructions, we need to store the files in the path c:\dev\ps

Output File with refresh token

SMTP System Properties

In MAS 9.1, a new system property mxe.mail.oauth.clientName is introduced to set the OAuth client name for mail server. 

System Property	Value
mxe.mail.oauth.clientName	OAuth Client MAILOAUTH
mail.smtp.host	smtp.office365.com
mail.smtp.port	587
mxe.smtp.user	no-reply-mas@ibm.com

To disable OAuth for sending emails, please set the mxe.mail.oauth.clientName property value to null. 

Import Certificates 

Navigate to MAS Suite -> Administration -> Configuration

Import the certificates for SMTP 

Courtesy Rethima Gali

References

Importing certificates in Maximo Application Suite - IBM Documentation
mas/maximo-manage/sending-emails-oauth
Microsoft to retire Basic auth for SMTP Auth
MAS Increase REFRESHTOKEN ACCESSTOKEN length for MAXOAUTHCLIENT