Microsoft OAuth Authentication Client Settings

Article Number:01062

This page explains how to configure a Microsoft OAuth authentication client.
To configure the OAuth authentication client, you need to log in to the Microsoft Entra admin center with an administrator account that can work with Microsoft Entra IDs.

The steps described here are those confirmed as of October 2023. The content of this page is subject to change at the discretion of the service providers. For details, refer to Disclaimer.

  1. Log in to the Microsoft Entra admin center.

  2. From the navigation menu, click App registrations in "Applications".

  3. On the "App registrations" screen, click New registration.

  4. On the "Register an application" screen, enter an application name.
    The application name is mandatory.

  5. Select the supported account types.

  6. Enter a redirect URI.
    This URI is for users who move to the Garoon page after OAuth authorization. Select "Web" from the dropdown list, and enter a URI.
    The URI to configure depends on the environment where you use Garoon.
    This section explains the scenario where "cbgrn" is set as the installation identifier in the single-machine deployment and "grn" is set as the Alias value in the DB-distributed deployment.

    • Windows:
      https://(domain name)/scripts/cbgrn/grn.exe/oauth2/callback?
    • Linux (Single-machine deployment):
      https://(domain name)/cgi-bin/cbgrn/grn.cgi/oauth2/callback?
    • Linux (DB-distributed deployment):
      https://(domain name)/grn/oauth2/callback.csp?

    When using Remote Service:
    Also, set the redirection URI for Remote Service.

    • Windows:
      https://remote2.cybozu.co.jp/scripts/cbgrn/grn.exe/oauth2/callback?
    • Linux (Single-machine deployment):
      https://remote2.cybozu.co.jp/cgi-bin/cbgrn/grn.cgi/oauth2/callback?
    • Linux (DB-distributed deployment):
      https://remote2.cybozu.co.jp/grn/oauth2/callback.csp?

  7. Confirm your settings and click Register.
    The overview of the app is displayed and the "Application (client) ID" is issued.
    Copy the "Application (client) ID" to a text editor such as Notepad. This ID is necessary to configure an OAuth client in Garoon.

  8. Click Certificates & secrets from navigation menu.

  9. On the "Certificates & secrets" screen, click New client secret under "Client secrets".

  10. In the "Add client secret" dialog, configure description and expiration of the client secret.

  11. Confirm your settings and click Add.
    A client secret is issued.
    Copy the "Value" of the client secret to a text editor such as Notepad. This ID is necessary to configure an OAuth client in Garoon.

  12. Click API permissions from navigation menu.

  13. In the " API permissions" screen, click Add a permission.

  14. On the "Request API permissions" screen, scroll down and select "Microsoft Graph".

  15. Select Delegated permissions, and select all the following permissions.

    • IMAP.AccessAsUser.All
    • POP.AccessAsUser.All
    • SMTP.Send
    • offline_access

    If you cannot find a permission that you want to add, enter a keyword in the search box to find it.

  16. Confirm your settings and click Add a permission.
    Confirm that the configured permission is displayed.

Now you have completed the settings of the Microsoft OAuth authentication client.
Set the copied "Application (client) ID" and the "Value"of the client secret to Garoon. For details, refer to the following pages.