OAuth Setup for Microsoft Services
Note: This feature is not available in versions of Gemini before 7.1.0.
Configuring OAuth is a two-step process. First, you configure Microsoft Services to know about Gemini. Then you configure Gemini to use these services.
Note: The App Registration you set up in Azure can be used for Gemini's Graph API integration as well as for Breeze Mailboxes and SMTP.
Microsoft 365 Configuration
Create an application in Azure
Navigate to the Azure Portal (portal.azure.com) and log in.
On the menu of services, select Microsoft Entra ID.

Select App Registrations

If this is the first time you are setting this up, add a new application registration.

Give your application a name, e.g. Gemini Email Connector. Choose the access level (defaults will suffice for 99% of users). Do not specify a Redirect URI.

Click Register

Configure your application
On registering your application, two essential values are assigned to it:
- The Application (Client) ID
- The Tenant (Directory) ID
Note these; you will use them to configure Gemini later.

Select Authentication from the menu

Add a platform and select Web application from the list of choices.


Enter the Redirect URI.
Breeze Redirect URI: This will be in the format https://yourServer.com/Admin/OAuthCallback, where yourServer.com is the URL of your Gemini instance.
Entra ID Redirect URI: This will be in the format https://yourServer.com/account/postentralogin, where yourServer.com is the URL of your Gemini instance.
You can use the same App Registration (Tenant ID, Client ID, and Client Secret) for Entra ID, Breeze Mailboxes, SMTP, and Graph API because you can specify multiple Redirect URIs for one App Registration.

Note: Your Gemini site must be hosted on an SSL connection (https) as http redirects are not permitted.
Click Configure

Select Certificates & secrets

Create a new client secret

Note: If you wish to use a certificate instead, please refer to the Microsoft documentation on the subject.

Enter a secret that will be encoded when you click "Add"
Note: We recommend you set your secret expiry to the longest available period, so Gemini does not suddenly stop working with email.
Note: Copy the encoded secret immediately! It cannot be seen again anywhere in the portal.
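A preflight check for the values collected in the Azure steps above, as an added example that is not part of the Gemini product or its documentation. The function names `redirect_uris` and `check_registration` are hypothetical, and the sample identifiers and host name are constructed.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Callback paths as the Redirect URI step writes them; their case is kept as given.
CALLBACK_PATHS = {"breeze": "/Admin/OAuthCallback", "entra": "/account/postentralogin"}


def redirect_uris(base_url):
    """Build both redirect URIs for a Gemini base URL, refusing non-https."""
    parts = urlsplit(base_url.strip())
    if parts.scheme != "https":
        raise ValueError("Gemini must be served over https; http redirects are not permitted")
    if not parts.hostname or parts.username or parts.query or parts.fragment:
        raise ValueError("base URL must be a plain https://host[/path] address")
    root = "https://" + parts.netloc.lower() + parts.path.rstrip("/")
    return {name: root + path for name, path in CALLBACK_PATHS.items()}


def check_registration(tenant_id, client_id, client_secret, base_url):
    """Return a list of problems in the values copied from the portal."""
    tenant, client, secret = tenant_id.strip(), client_id.strip(), client_secret.strip()
    problems = []
    if not GUID_RE.fullmatch(tenant):
        problems.append("Tenant ID is not a GUID")
    if not GUID_RE.fullmatch(client):
        problems.append("Client ID is not a GUID")
    elif tenant.lower() == client.lower():
        problems.append("Tenant ID and Client ID are identical")
    if not secret:
        problems.append("Client Secret is empty")
    elif GUID_RE.fullmatch(secret):
        # The portal shows a GUID-shaped Secret ID next to the secret Value.
        problems.append("Client Secret looks like the Secret ID, not the secret Value")
    try:
        redirect_uris(base_url)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant = "11111111-2222-3333-4444-555555555555"
    client = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(redirect_uris("https://gemini.example.com"))
    print(check_registration(tenant, client, client, "http://gemini.example.com"))
```

An empty list from `check_registration` means the values have the expected shape; it does not confirm that Azure accepts them.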
Gemini Mailbox Configuration
To use OAuth with Gemini mailboxes, you can choose to configure the connection as IMAP, Graph, or Exchange (EWS).
Note: Microsoft has announced that EWS will be deprecated in October 2026. We therefore recommend you choose IMAP or, if you are on Gemini 7.6.0 or above, Graph API.
IMAP Configuration

Specify OAuth2 as the Authentication Mode

When you do this, you will be prompted for an OAuth Provider. Select Microsoft.
You must use SSL, and we recommend you leave the SSL protocol as Auto so Gemini can select the most modern.

Graph API Configuration

Specify Graph as the Authentication Mode
Exchange (EWS) Configuration

Selecting Exchange will require you to select the Exchange version. Select Office365_OAuth.

The Exchange Web Server URL will be defaulted for you. The domain is likely to remain empty for O365 and OAuth.
Generic OAuth Configuration
Four new fields have been added to Gemini's Mailbox/SMTP configuration:
- Tenant ID - the Tenant ID from your Azure application
- Client ID - the Client ID from your Azure application
- Client Secret - the Client Secret from your Azure application
- Scopes - A field that will auto-populate for you (but you won't see it if you choose Graph)
Save your configuration when you have provided the mandatory details. If you are not using Graph, you will be redirected and required to authenticate with your OAuth provider.
Note: If you are not using Graph and are authenticating with Azure, you must use the MAILBOX email account, e.g. support@company.com, not your own account or an admin account.

If you authenticate with Azure, confirm the access permissions and you will be returned to Gemini, where you should see a success message.

Gemini SMTP Configuration
OAuth configuration is the same for both the generic system mailbox in System Email Options and the SMTP mailbox(es) for Breeze Ticketing.
Navigate to Ticketing...SMTP Servers and edit or add a new SMTP connection.

Provide a name for your SMTP Server. For Microsoft OAuth, the server and port should be as shown above.
Select OAuth2 from the Authentication Modes drop-down. You will see the form present new fields. Graph requires less metadata as things like server and port are not relevant.

The scopes will be automatically populated (you won't see them for Graph), but complete the rest of the fields as per the Azure AD Application details created earlier.
Save the configuration. On Ticketing SMTP servers, you should get a simple success message. On System Email Options, you will get a verbose trail of Gemini testing the SMTP connection.