Configuring OAuth 2.0 for Exchange Online (Office 365)

Before you begin, make sure that your Office 365 administrator account has a mailbox configured in Exchange Online.

Step 1: Add ApplicationImpersonation role in Exchange Online
  1. Sign in to the Exchange admin center in Office 365.

  2. Add the ApplicationImpersonation role to your Office 365 administrator account:

    1. Go to Roles | Admin roles.

    2. Select Add role group and fill in the basic information. Select Next.

    3. In the list, locate and select the ApplicationImpersonation admin role. Select Next.

    4. In Members, select your Office 365 admin account. The account must have a mailbox configured in Exchange Online. Select Next.

    5. Select Add role group.

Step 2: Enable mail app access in Microsoft 365
  1. Sign in to the Microsoft 365 admin center.

  2. Go to Active users.

  3. For each user in the list, do the following: 

    1. Select the user's display name.

    2. In the dialog that opens, select the Mail tab.

    3. Select Manage email apps.

    4. In the dialog that opens, select check boxes next to all apps except Outlook desktop (MAPI) and IMAP.

    5. Save your changes.

Step 3: Register Sage CRM as a new app in Entra ID
  1. Sign in to the Microsoft Entra admin center as an administrator.

  2. Go to App registrations.

  3. Register a new application: 

    1. Select New registration.

    2. Enter a descriptive name for the application.

    3. Under Supported account types, select one of the following: 

      • Accounts in this organizational directory only (Default Directory only - Single tenant) if you want your Sage CRM app to support a single tenant.

      • Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) if you want your Sage CRM app to support multiple tenants.

        Sage CRM does not support other options under Supported account types.

  4. Under Redirect URI (optional), select Public client/native (mobile & desktop) and enter the following URIs:

    https://{server name}/{install name}/custompages/oauth/callback.html

    If your Sage CRM server is accessible on the internet, also add:

    https://{server FQDN}/{install name}/custompages/oauth/callback.html

    In these URIs: 

    • {install name} is the name of your Sage CRM installation. It must be all lowercase.

    • {server name} is the name of the Sage CRM server. It must be all lowercase.

    • {server FQDN} is the fully qualified domain name of the Sage CRM server. It must be all lowercase.

  5. Select Register.

  6. Copy the application (client) ID that displays and store it in a file.

  7. Go to API permissions and add the following Microsoft Graph delegated permission for your app:

    • EWS.AccessAsUser.All

Step 4: Configure Exchange Integration in Sage CRM
If Microsoft Office 365 credentials are cached on the Sage CRM server, you may encounter errors while completing the steps below. To avoid these errors, we recommend that you either complete the steps in an incognito tab of your web browser or clear your web browser's cache.
  1. Open a web browser on the Sage CRM server and enter the Sage CRM access URL.

    For example:

    https://myserver/crm
  2. Log on to Sage CRM as a system administrator.

  3. Go to <My profile> | Administration | System | System Behavior and click Change.

  4. Make sure that Use Exchange Integration is set to Yes.

  5. Go to <My profile> | Administration | Emails and Documents | Exchange Integration | Connection Management and click New.

  6. Complete the following options:

    • In Exchange type, select Exchange Online (Office 365).

    • In Exchange Web Service URL, enter the following:

      https://outlook.office365.com/EWS/Exchange.asmx
    • In Application (client) ID, enter the ID you copied in Step 3: Register Sage CRM as a new app in Entra ID.

    • In Supported account type, enter one of the following values, depending on how your app in Entra ID is configured:

      • common. Enter this value if your app in Entra ID supports multiple tenants.

      • {Tenant ID} or {domain name}. Enter a tenant ID or domain name if your app in Entra ID supports a single tenant.

    • OAuth authority URL shows the authentication URL that Sage CRM uses for the specified account type, that is, https://login.microsoftonline.com/{account type}/oauth2/v2.0, where {account type} is either common or {tenant ID}/{domain name}.

  7. Select Save.

You may be prompted to sign in to your Office 365 admin account and grant permissions to the Sage CRM app you registered earlier.
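
The following pre-flight check is an added example, not code from Sage CRM or Microsoft. It builds the Step 3 redirect URIs and the Step 4 OAuth authority URL from your values, rejects names that are not all lowercase, and compares the expected URIs with a list copied from the app registration. The function names, the allowed-character rule and the sample host names are assumptions made for illustration.

```python
import re

CALLBACK = "https://{host}/{install}/custompages/oauth/callback.html"
AUTHORITY = "https://login.microsoftonline.com/{account_type}/oauth2/v2.0"
GUID = re.compile(r"[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
DOMAIN = re.compile(r"([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}", re.I)
# Assumption: server and install names contain only these characters.
SAFE = re.compile(r"[A-Za-z0-9._-]+")


def redirect_uris(server_name, install_name, server_fqdn=None):
    """Return the Step 3 redirect URIs; reject values that are not all lowercase."""
    hosts = [server_name] + ([server_fqdn] if server_fqdn else [])
    for value in hosts + [install_name]:
        if not SAFE.fullmatch(value):
            raise ValueError(f"unexpected characters in {value!r}")
        if value != value.lower():
            raise ValueError(f"{value!r} must be all lowercase")
    return [CALLBACK.format(host=h, install=install_name) for h in hosts]


def authority_url(account_type):
    """Return the Step 4 authority URL for common, a tenant ID or a domain name."""
    if account_type == "common" or GUID.fullmatch(account_type) or DOMAIN.fullmatch(account_type):
        return AUTHORITY.format(account_type=account_type)
    raise ValueError(f"unsupported account type {account_type!r}")


def audit_registered(expected, registered):
    """Compare URIs copied from the app registration with the expected ones."""
    findings = []
    for uri in expected:
        if uri in registered:
            continue
        case_only = [r for r in registered if r.lower() == uri]
        findings.append((uri, f"case mismatch: {case_only[0]}" if case_only else "missing"))
    findings += [(r, "unexpected") for r in registered
                 if r.lower() not in expected]
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    expected = redirect_uris("myserver", "crm", "crm.example.com")
    registered = ["https://MyServer/crm/custompages/oauth/callback.html",
                  "https://old.example.com/crm/custompages/oauth/callback.html"]
    for uri, problem in audit_registered(expected, registered):
        print(f"{problem}: {uri}")
    print(authority_url("common"))
```

An "unexpected" finding is a redirect URI on the registration that this Sage CRM installation does not need; review it and remove it if nothing else uses it.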