Configure SMTP with OAuth using Microsoft Exchange Online
Microsoft Exchange Online is deprecating basic authentication for sending emails via SMTP starting March 2026. OAuth is the new standard going forward.
iGrafx Process360 Live will continue to support SMTP basic authentication.
Sending emails via SMTP with OAuth in Process360 Live is only supported through Microsoft Exchange Online. No other providers are supported at this time.
Overview
Create Azure application registration
Create a client secret
Grant API permissions
Add service account
Configure Process360 Live
Prerequisites
Azure permissions to create an app registration and service account
Azure tenant admin to approve API permissions
Exchange Online Powershell (instructions provided in this article)
Compatibility
Process360 Live version 19.20+
Step-by-Step Instructions
Create Azure Application Registration
Sign in to the Azure portal and search for App registrations in the top search bar. Select the App registrations service.
On the App registrations page, click + New registration.
Under Supported account types, select the option that best fits your organization, then click Register.
If you are not redirected automatically, open your newly created app registration.
On the Overview page, copy the Application (client) ID and Directory (tenant) ID, and store them securely for later use.
Create a Client Secret
In your newly created App registration, navigate to Manage → Certificates & secrets.
Select the Client secrets tab.
Click + New client secret.
Enter a description and choose an expiration that aligns with your organization’s security policies.
Click Add to create the client secret.
Copy the secret value immediately and store it securely. Be sure to copy the secret value, not the secret ID.
Grant API Permissions
Still in your App Registration under Manage select API permissions.
Click + Add a permission.
Select the APIs that my organization uses and search “Office 365 Exchange Online“.
Select Office 365 Exchange Online from the list.
Select Application permissions.
Scroll to SMTP and expand that list.
Select SMTP.SendAsApp as the new API permission.
Click Add permissions.
The admin of the tenant you created the App Registration in now has to approve the new API Permissions.
The admin must go to the App Registration under Manage and select API Permissions.
Select the newly created API Permission from the list.
Once highlighted a Grant admin consent for {OrganizationName} button will appear. Click this (the button will change to your organization’s name).
Add Service Account
We need to get the App Registration’s Object ID which is different from the Application client ID.
In Azure search “Enterprise Applications” in the search bar and click the resulting service.
You should be directed to the All applications blade under Manage. If not go there.
In the search bar search the name of the App Registration you created earlier and click on your App Registration.
On the Overview page you will see an Object ID. Copy and store this in a safe place.
Run the following command, on a windows machine in Powershell, to download and install Exchange Online Powershell and connect (replace <TENANT_ID> with the Directory (tenant) ID from above).
CODEInstall-Module -Name ExchangeOnlineManagement Import-module ExchangeOnlineManagement Connect-ExchangeOnline -Organization <TENANT_ID>Run the following command to create a new service account and replace <APPLICATION_CLIENT_ID> and <OBJECT_ID> with the Application (client) ID and Object ID, respectively, from previous steps.
CODENew-ServicePrincipal -AppId <APPLICATION_CLIENT_ID> -ObjectId <OBJECT_ID> [-Organization <TENANT_ID>]Run the following command to get details about the newly created service account. Copy the ObjectId from the result of the command’s output.
This ObjectId is different from the one in the previous step. This is the ObjectId of the new service account.CODEGet-ServicePrincipal | flRun the following command to give the service account access to a mailbox within your organization - SERVICE_PRINCIPAL_ID is the ObjectID from the previous command referring to the service account not the App Registration.
CODEAdd-MailboxPermission -Identity "mailboxAddress@example.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
Configure Process360 Live
Go to your Email Settings, Admin → Email Management → Email Settings.
Under Outgoing Email Settings fill in the relevant fields.
Sender Display Name: This must match the display name set for the service account exactly. If you did not set one the display name will probably be the email address.
Sender Email Address: Email address of the service account.
Subject Prefix: Custom value set by the user.
Send Error Email to: Can be left blank or filled out to receive information if an error occurs sending emails.
Scroll to Server Details and select SMTP.
Under Authentication select Microsoft Exchange Online
Enter the client id, client secret, and tenant id from earlier steps into their corresponding fields
To verify the setup, enter a Test Email Target Address and click SEND TEST EMAIL.
A green success message appears at the bottom of the page. If the send fails, a red error message is shown instead.Click SAVE EMAIL SETTINGS if your test email was delivered correctly
Troubleshooting
No email received
Double check that the success message was displayed when sending the test email. Check your junk/spam folder in your inbox.
It may be worth checking with your IT department to ensure these emails aren’t automatically being filtered out.
Error
If you get any Authentication unsuccessful errors when trying to send the test email ensure all your credentials are correct. This includes the Sender Display Name and Sender Email Address. If you did not set a display name for the sender, try using the sender’s email address as the Sender Display Name.
If you have any other issues, please refer to the official Microsoft guide to setup App Registration and Service Account. Follow the guide for “Client Credential Grant Flow”. Any other flows will not work with Process360 Live.