What Service Provider do I select for connecting to Microsoft Exchange Online using OAuth 2.0 and POP3?
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Purpose
Microsoft Exchange Online is deprecating basic authentication according to the information in their Exchange Team Blog.
Jira has been supporting OAuth with IMAP but has recently included the same support for POP3 and SMTP (for outgoing mail).
OAuth 2.0 support for POP3 mailboxes has been added to the following Jira versions: 8.5.12, 8.13.4, and 8.15.0.
OAuth 2.0 support for Microsoft SMTP outgoing mail has appeared in Jira 9.2.0 and will be available in the next versions.
Solution
Since POP3 for Microsoft Exchange Online isn’t listed as an option for a service provider setting, you should select Microsoft Exchange Online / Outlook (IMAP) in your incoming mail server configuration.
To create the working configuration, you should
Add Microsoft as a new integration for OAuth 2.0 in Jira
Generate a correct OAuth 2.0 key and secret in Azure
Complete the incoming mail server configuration in Jira with the new server
To complete these steps, follow the instructions in this document.
Add Microsoft as a new OAuth 2.0 integration
To add Microsoft as a new integration for OAuth 2.0, check the Jira version you’re using and follow the corresponding instructions.
For Detailed steps to configure OAuth 2.0 integration with Microsoft Azure check this KB.
Jira 8.22 and newer
Follow the instructions on configuring an outgoing link
Jira 8.21 and older
Go to Administration > System > OAuth 2.0.
Select Add new integration.
In the Service Provider field, select Microsoft.
In the Redirect URL field, select Copy.
Generate an OAuth key and secret in Azure and go back to Jira. See the following instructions.
Learn more about Jira integration with OAuth 2.0
Generate an OAuth 2.0 key and secret in Azure
The following are common high-level steps for setting up the OAuth 2.0 application and related parameters in Azure. Please reach out to your MSFT administrator or their documentation and support if you need additional assistance or have questions. The work in Azure is outside of Jira’s support scope. However, to better assist our customers we created this detailed guide.
To get an OAuth key and secret in Azure:
Login to https://portal.azure.com/.
Select App registrations.
Select New registration.
Enter a friendly, easy-to-identify name.
Under Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
Under Redirect URI, select Web and insert the URL retrieved previously
Select Register.
Select API permissions.
Select Add a permission.
Select Microsoft Graph.
Select Delegated permissions.
Select the following permissions:
OpenId permissions: offline_access
IMAP: IMAP.AccessAsUser.All
POP: POP.AccessAsUser.All
Select Add permissions.
Select Grant admin consent for.
In the left menu, select Certificates & secrets.
Select New client secret.
Enter a description and select an expiration date.
Save the generated
Value
. You’ll use it as the Client secret in Jira. You’ll see theValue
only once.Select Overview.
Save the
Application (client) ID
. You’ll use it as the Client ID in Jira.Go back to Jira and complete the configuration by inserting the following details:
Client ID from step 20
Client secret from step 18
Scopes: "
https://outlook.office.com/IMAP.AccessAsUser.All"
, "https://outlook.office.com/POP.AccessAsUser.All
" and"offline_access"
Select Save.
Test the connection.
If the connection is successful, proceed with the following steps.
Optionally, check the Microsoft doc on how to get the Client ID and secret.
Complete the OAuth configuration in Jira
To complete the OAuth 2.0 configuration, on your Jira instance:
Go to Administration > System.
Under Mail, select Incoming mail.
In the Mail servers section, select Add mail server.
- In the Service Provider field, select Microsoft Exchange Online / Outlook (IMAP) even though you are using a POP3 account.
In the Username field, insert the email address used by Jira.
In the Authentication method field, select the newly created server.
Select Authorize and log in to Microsoft using the user account that is associated with the mailbox being configured.
Select Test Connection to ensure that it’s successful.
Select Save.
Learn more about the OAuth 2.0 configuration in the documentation on: