OAuth 2.0 in Exchange Online: Support for single tenant

Feature ID: CRMS-1280

When configuring OAuth 2.0 for an Exchange Online integration in Sage CRM, you can specify whether your Sage CRM app in Microsoft Entra ID supports a single tenant or multiple tenants.

To do so, use the new Supported account type option when creating a new connection to Exchange Online in Sage CRM or modifying an existing one (My profile | Administration | Emails and Documents | Exchange Integration | Connection Management).

Complete the steps below to configure OAuth 2.0 for Exchange Online. Before you begin, make sure that your Office 365 administrator account has a mailbox configured in Exchange Online.

Step 1: Add ApplicationImpersonation role in Exchange Online

  1. Sign in to the Exchange admin center in Office 365.

  2. Add the ApplicationImpersonation role to your Office 365 administrator account:

    1. Go to permissions | admin roles.

    2. Select the plus sign (+) to create a new role group for Sage CRM:

      • In Name, enter a descriptive name for the group (for example, Sage CRM impersonation).

      • Under Roles, select the plus sign (+) and add the ApplicationImpersonation admin role.

      • Under Members, select the plus sign (+) and add your Office 365 admin account. The account must have a mailbox configured in Exchange Online.

  3. When you are done, select Save.

Step 2: Enable mail app access in Microsoft 365

  1. Sign in to the Microsoft 365 admin center.

  2. Go to Active users.

  3. For each user in the list, do the following: 

    1. Select the user's display name.

    2. In the dialog that opens, select the Mail tab.

    3. Select Manage mail apps.

    4. In the dialog that opens, select the check boxes next to all apps except Outlook desktop (MAPI) and IMAP.

    5. Save your changes.

Step 3: Register Sage CRM as a new app in Entra ID

  1. Sign in to the Microsoft Entra admin center as an administrator.

  2. Go to App registrations.

  3. Register a new application: 

    1. Select New registration.

    2. Enter a descriptive name for the application.

    3. Under Supported account types, select one of the following: 

      • Accounts in this organizational directory only (Default Directory only - Single tenant) if you want your Sage CRM app to support a single tenant.

      • Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) if you want your Sage CRM app to support multiple tenants.

        Sage CRM does not support other options under Supported account types.

  4. Under Redirect URI (optional), select Public client/native (mobile & desktop) and enter the following URIs:

    • http://localhost/<install name>/custompages/oauth/callback.html

    • https://<server name>/<install name>/custompages/oauth/callback.html

    If your Sage CRM server is accessible on the internet, also add:

    • https://<server FQDN>/<install name>/custompages/oauth/callback.html

    In these URIs: 

    • <install name> is the name of your Sage CRM installation. It must be all lowercase.

    • <server name> is the name of the Sage CRM server. It must be all lowercase.

    • <server FQDN> is the fully qualified domain name of the Sage CRM server. It must be all lowercase.

  5. Select Register.

  6. Copy the application (client) ID that displays and store it in a file.

  7. Go to API permissions and add the following Microsoft Graph delegated permission for your app:

    • EWS.AccessAsUser.All

Step 4: Configure Exchange Integration in Sage CRM

If Microsoft Office 365 credentials are cached on the Sage CRM server, you may encounter errors while completing the steps below. To avoid them, we recommend that you either complete these steps in an incognito tab of your web browser or clear your web browser's cache.

  1. Open a web browser on the Sage CRM server and enter the Sage CRM access URL, replacing the server name or IP address with localhost.

    For example: http://localhost/crm

  2. Log on to Sage CRM as a system administrator.

  3. Go to <My profile> | Administration | System | System Behavior and click Change.

  4. Make sure that Use Exchange Integration is set to Yes.

  5. Go to <My profile> | Administration | Emails and Documents | Exchange Integration | Connection Management and click New.

  6. Complete the following options:

    • In Exchange type, select Exchange Online (Office 365).

    • In Exchange Web Service URL, enter https://outlook.office365.com/EWS/Exchange.asmx.

    • In Application (client) ID, enter the ID you copied in Step 3: Register Sage CRM as a new app in Entra ID.

    • In Supported account type, enter one of the following values, depending on how your app in Entra ID is configured:

      • common. Enter this value if your app in Entra ID supports multiple tenants.

      • {Tenant ID} or {domain name}. Enter a tenant ID or domain name if your app in Entra ID supports a single tenant.

    • OAuth authority URL shows the authentication URL that Sage CRM uses for the specified account type, that is, https://login.microsoftonline.com/{account type}/oauth2/v2.0, where {account type} is either common or {tenant ID}/{domain name}.

  7. Select Save.

You may be prompted to sign in to your Office 365 admin account and grant permissions to the Sage CRM app you registered earlier.
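Added example (not Sage's or Microsoft's code): a consistency check between the app registration from Step 3 and the values entered in Step 4, covering the supported account type, the lowercase rule, and the redirect URIs. It assumes the registration is available as a dict shaped like the Microsoft Graph application resource (signInAudience, publicClient.redirectUris); the function names, the sample registration, and the crmserver host are constructed for illustration.

```python
import re

# Microsoft Graph `signInAudience` values for the two account types Sage CRM supports.
SUPPORTED = {"AzureADMyOrg": "single", "AzureADMultipleOrgs": "multi"}
# A tenant ID (GUID) or a dotted domain name; "common" matches neither.
TENANT = re.compile(
    r"^([0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}|([a-z0-9-]+\.)+[a-z]{2,})$", re.I)

# Constructed sample: the fields of a single-tenant app registration that matter here.
SAMPLE_APP = {"signInAudience": "AzureADMyOrg", "publicClient": {"redirectUris": [
    "http://localhost/crm/custompages/oauth/callback.html",
    "https://crmserver/crm/custompages/oauth/callback.html"]}}


def redirect_uris(install, server, fqdn=None):
    """The redirect URIs Step 3 asks for; fqdn only for internet-facing servers."""
    path = f"/{install}/custompages/oauth/callback.html"
    hosts = ["http://localhost", f"https://{server}"] + ([f"https://{fqdn}"] if fqdn else [])
    return [host + path for host in hosts]


def authority_url(account_type):
    """Authority URL Sage CRM shows for a Supported account type value (Step 4)."""
    return f"https://login.microsoftonline.com/{account_type}/oauth2/v2.0"


def check(app, account_type, install, server, fqdn=None):
    """Compare the Entra registration with the Sage CRM values; [] means they agree."""
    findings = []
    kind = SUPPORTED.get(app.get("signInAudience"))
    if kind is None:
        findings.append(f"unsupported account type: {app.get('signInAudience')}")
    elif kind == "multi" and account_type != "common":
        findings.append("multitenant app: Step 4 expects 'common'")
    elif kind == "single" and not TENANT.match(account_type):
        findings.append(f"single-tenant app: {account_type!r} is not a tenant ID or domain")
    for label, value in (("install name", install), ("server name", server),
                         ("server FQDN", fqdn or "")):
        if value != value.lower():
            findings.append(f"{label} {value!r} must be all lowercase")
    registered = set(app.get("publicClient", {}).get("redirectUris", []))
    findings += [f"redirect URI not registered: {uri}"
                 for uri in redirect_uris(install, server, fqdn) if uri not in registered]
    return findings
```

Calling check(SAMPLE_APP, "common", "crm", "crmserver") returns one finding, because the sample registration is single tenant while the Sage CRM value points at the multitenant authority.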