Configuring an outgoing link

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

When you configure an outgoing link to an external application, Bamboo requests data from this application, which means that it acts as the OAuth client. This type of link is primarily used in Bamboo to create the OAuth 2.0 integration for popular mail servers. To learn more about the type of links and additional details, see Linking to another application.

We’ve created an outgoing OAuth 2.0 integration primarily because Google and Microsoft announced deprecating basic authentication. This means you wouldn’t be able to use these providers (Gmail, Microsoft Exchange Online) to let users create issues and comments from emails if you were authenticating using basic auth. To fix this, you need to configure the OAuth 2.0 integration with these providers, and then update the configuration of your mail servers.

You don’t need to take any actions if you’re using IMAP or POP3, these will continue to work.

You need to ensure the following:

To create and configure an outgoing link:

  1. From the top navigation bar, select Administration (bamboo administration icon) > Overview.
  2. On the Bamboo administration page, select Application links from the left menu.
  3. Select Create link.

  4. In the Create link dialog, select External application, and then choose Outgoing as the direction.

  5. Choose a service provider:

    • Google
    • Microsoft
    • Custom (for internal tools or other providers)

    Choosing Google or Microsoft lets you create an OAuth 2.0 integration for mail servers – in this case, some of the configuration fields will be pre-filled.

  6. Copy the redirect URL and register it in your external application to obtain the client ID and client secret required to complete the configuration.

    If you’re using Google or Microsoft as service providers, you’ll be able to copy the redirect URL right away. For custom providers, you need to first provide the Authorization endpoint and Token endpoint. For more information on registering the URL with Google or Microsoft, check out the following guides:

    Different providers might have different requirements related to the redirect URL. For example, Google doesn't allow it to be a private IP address. Make sure you provide an external URL (for example, of a load balancer for Bamboo Data Center).

  7. Fill-in the remaining configuration details:

    NameDescription
    Client IDThe client ID that's generated by the external application after registering Bamboo’s redirect URL. This is the public identifier of the application.
    Client secretThe client secret that's generated by the external application after registering Bamboo’s redirect URL. This is the shared secret between Bamboo and the application, which ensures the authorization is secure.
    Scopes
    The required OAuth 2.0 scopes (permissions) that control what Bamboo can do in the external application. You need to specify different scopes for email servers. 

    For Google, we recommend this scope: https://mail.google.com (for IMAP, POP3, and SMTP).

    For Microsoft, we recommend that you always use the offline_access scope and at least one additional scope, depending on what protocol you want to use. The scopes will vary depending on your Microsoft account type and the mail protocol type:

    • If you're using non-GCC (Government Community Cloud) accounts, we recommend the following scopes:

      https://outlook.office.com/IMAP.AccessAsUser.All (for IMAP)
      https://outlook.office.com/POP.AccessAsUser.All (for POP3)
      https://outlook.office.com/SMTP.Send (for SMTP)
      offline_access
    • For GCC accounts, use:

      https://outlook.office365.com/IMAP.AccessAsUser.All (for IMAP)
      https://outlook.office365.com/POP.AccessAsUser.All (for POP3)
      https://outlook.office365.com/SMTP.Send (for SMTP)
      offline_access

    For more information about scopes available in Google and Microsoft, see the detailed information at the Microsoft & Google sites.

    Authorization endpointThe HTTPS URL where authorization to use OAuth 2.0 is started.
    Token endpointThe HTTPS URL where refresh token requests are sent. As OAuth 2.0 tokens have an expiry, Bamboo will periodically update the token.
    Redirect URLThe redirect URL that must be registered in the external application to obtain its client ID and client secret. This redirects the authentication flow back to Bamboo.
  8. Save the link.

If you're facing some issues while configuring outgoing links for applications, check out our Application Links Troubleshooting Guide.

Last modified on Dec 6, 2024

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.