Microsoft OAuth Authentication Client Settings

Article Number: 01062

This page explains how to configure a Microsoft OAuth authentication client.
To configure an OAuth authentication client, you need to log in to the Azure portal using an administrative account that can manage Azure Active Directory.

The steps described here are those confirmed as of January 2021. The content of this page is subject to change at the discretion of the service providers. For details, refer to Disclaimer.

  1. Log in to the Azure portal.

  2. Open "Azure Active Directory" from the navigation menu.

  3. Click App registrations from the navigation menu.

  4. On the "App registrations" screen, click New registration.

  5. On the "Register an application" screen, enter an application name.
    The application name is mandatory.

  6. Select the supported account types.

  7. Enter a redirect URI.
    After OAuth authorization, users are redirected to the Garoon page at this URI. Select "Web" from the dropdown list, and enter a URI.
    The URI to configure depends on the environment where you use Garoon.
    The examples below assume that "cbgrn" is set as the installation identifier in the single-machine deployment and "grn" is set as the Alias value in the DB-distributed deployment.

    • Windows:
      https://(domain name)/scripts/cbgrn/grn.exe/oauth2/callback?
    • Linux (Single-machine deployment):
      https://(domain name)/cgi-bin/cbgrn/grn.cgi/oauth2/callback?
    • Linux (DB-distributed deployment):
      https://(domain name)/grn/oauth2/callback.csp?

    When using Remote Service:
    Also set the redirect URI for Remote Service.

    • Windows:
      https://remote2.cybozu.co.jp/scripts/cbgrn/grn.exe/oauth2/callback?
    • Linux (Single-machine deployment):
      https://remote2.cybozu.co.jp/cgi-bin/cbgrn/grn.cgi/oauth2/callback?
    • Linux (DB-distributed deployment):
      https://remote2.cybozu.co.jp/grn/oauth2/callback.csp?

  8. Confirm your settings and click Register.
    The app overview is displayed in the Azure portal, and an "Application (client) ID" is issued.
    The "Application (client) ID" will be required for Configuring OAuth Clients in Garoon. Copy it to a text editor such as Notepad.

  9. Click Certificates & secrets from the navigation menu.

  10. On the "Certificates & secrets" screen, click New client secret under "Client secrets".

  11. In the "Add client secret" dialog, configure the description and expiration of the client secret.

  12. Confirm your settings and click Add.
    A client secret is issued.
    The client secret will be required for Configuring OAuth Clients in Garoon. Click Copy to clipboard for the client secret value, and copy it to a text editor such as Notepad.

  13. Click API permissions from the navigation menu.

  14. On the "API permissions" screen, click Add a permission.

  15. On the "Request API permissions" screen, scroll down and select "Microsoft Graph".

  16. Select Delegated permissions, and select all the following permissions.

    • IMAP.AccessAsUser.All
    • POP.AccessAsUser.All
    • SMTP.Send
    • offline_access

    If you cannot find a permission that you want to add, enter a keyword in the search box to find it.

  17. Confirm your settings and click Add a permission.
    Confirm that the configured permissions are displayed.
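
The redirect URIs from step 7 and the delegated permissions from step 16 can be checked against a finished registration with a short script. The following is an added example, not part of the original procedure or of Garoon: the function names, the deployment keys, the domain `garoon.example.com` and the sample registration are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback path per environment (step 7); {name} is the installation
# identifier ("cbgrn") or, for DB-distributed deployments, the Alias ("grn").
CALLBACK_PATHS = {
    "windows": "/scripts/{name}/grn.exe/oauth2/callback",
    "linux-single": "/cgi-bin/{name}/grn.cgi/oauth2/callback",
    "linux-db-distributed": "/{name}/oauth2/callback.csp",
}
REMOTE_SERVICE_HOST = "remote2.cybozu.co.jp"
# Delegated permissions listed in step 16.
REQUIRED_PERMISSIONS = {"IMAP.AccessAsUser.All", "POP.AccessAsUser.All",
                        "SMTP.Send", "offline_access"}

def expected_redirect_uris(deployment, domain, name, remote_service=False):
    """Build the redirect URIs the registration should contain."""
    path = CALLBACK_PATHS[deployment].format(name=name)
    hosts = [domain] + ([REMOTE_SERVICE_HOST] if remote_service else [])
    # The trailing "?" is part of the URI as given in step 7.
    return {f"https://{host}{path}?" for host in hosts}

def audit_registration(registered_uris, granted_permissions,
                       deployment, domain, name, remote_service=False):
    """Return findings where the registration differs from the documented values."""
    findings = []
    expected = expected_redirect_uris(deployment, domain, name, remote_service)
    registered = set(registered_uris)
    for uri in sorted(expected - registered):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(registered - expected):
        reason = "not https" if urlsplit(uri).scheme != "https" else "unexpected"
        findings.append(f"{reason} redirect URI: {uri}")
    granted = set(granted_permissions)
    for perm in sorted(REQUIRED_PERMISSIONS - granted):
        findings.append(f"missing permission: {perm}")
    for perm in sorted(granted - REQUIRED_PERMISSIONS):
        findings.append(f"extra permission: {perm}")
    return findings

if __name__ == "__main__":
    # Constructed sample: http instead of https, POP missing, one extra permission.
    uris = ["http://garoon.example.com/cgi-bin/cbgrn/grn.cgi/oauth2/callback?"]
    perms = ["IMAP.AccessAsUser.All", "SMTP.Send", "offline_access", "Mail.ReadWrite"]
    for finding in audit_registration(uris, perms, "linux-single",
                                      "garoon.example.com", "cbgrn"):
        print(finding)
```

An empty result means the registration matches the values on this page; extra permissions are reported so that the registration can be kept to the four that Garoon needs.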