OAuth Setup for Microsoft Services

NoteThis feature is not available in versions of Gemini prior to 7.1.0

Configuring OAuth is a two-step process. First you configure Microsoft Services to know about Gemini. Then you configure Gemini to use these services.

Microsoft 365 Configuration

Create an application in Azure

Navigate to the Azure Portal and login (at the time of writing, this was Portal.Azure dotcom).

On the menu of services, select Azure Active Directory.

Select Azure App Registrations

If this is the first time you are setting this up, add a new application registration.

Give your application a name e.g. Gemini Email Connector. Choose the access level (defaults will suffice for 99% of users). Do not specify a Redirect URI.

Click Register

Configure your application

On registering your application there are 2 values that are applied to it that are essential.

  • The Application(Client) ID
  • The Tenant(Directory) ID

Note these, you will use them to configure Gemini later.

Select authentication from the menu

Add a platform and select Web application from the list of choices.

Enter the Redirect URI. This will be in the format https://yourServer.com/Admin/OAuthCallback, where yourServer.com is the url of your Gemini instance.

NoteYour Gemini site must be hosted on an SSL connection (https) as http redirects are not permitted.

Click Configure

Select Certificates & secrets

Create a new client secret

NoteIf you wish to use a certificate instead, please refer to the Microsoft documentation on the subject.

Enter a secret that will be encoded when you click "Add"

NoteWe recommend you set your secret expiry to the longest available period, so Gemini does not suddenly stop working with email.

NoteCopy the encoded secret immediately! It cannot be seen again anywhere in the portal.

Gemini Mailbox Configuration

To use OAuth with Gemini mailboxes, you can choose to configure the connection as Exchange(EWS) or IMAP

IMAP Configuration

Specify OAuth2 as the Authentication Mode

When you do this you will be prompted for an OAuth Provider. Select Microsoft.

You must use SSL and we recommend you leave the SSL protocol as Auto so Gemini can select the most modern.

Exchange(EWS) Configuration

Selecting Exchange will require you to select the Exchange version. Select Office365_OAuth.

The Exchange Web Server URL will be defaulted for you. The domain is likely to remain empty for O365 and OAuth

Generic OAuth Configuration

4 new fields have been added to Gemini's Mailbox/SMTP configuration

  • Tenant ID - the Tenant ID from your Azure application
  • Client ID - the Client ID from your Azure application
  • Client Secret - the Client Secret from your Azure application
  • Scopes - A field that will auto-populate for you

Save your configuration when you have provided the mandatory details. You will be redirected and required to authenticate with your OAuth provider

Note You must authenticate the MAILBOX email account e.g. support@company.com, not your own account or an admin account.

Confirm the access permissions and you'll be returned to Gemini, where you should see a success message

Gemini SMTP Configuration

OAuth configuration is the same for both the generic system mailbox in System Email Options, and the SMTP mailbox(es) for Breeze Ticketing

Navigate to Ticketing...SMTP Servers and edit or add a new SMTP connection

Provide a name for your SMTP Server. For Microsoft OAuth, the server and port should be as shown above.

Select OAuth2 from the Authentication Modes drop down. You will see the form present new fields.

The scopes will be automatically populated, but complete the rest of the fields as per the Azure AD Application details created earlier.

Save the configuration. On Ticketing SMTP servers you should get a simple success message. On System Email Options, you will get a verbose trail of Gemini testing the SMTP connection.