About OAUTH2 for authentication: Microsoft OAuth 2.0 : Get access on behalf of a user Link
!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:
• login.microsoftonline.com
Microsoft Graph Application Registration
This requires a Microsoft Graph application registration. Start by visiting the Microsoft Azure portal: Link
Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.
The Redirect URL must end with "register_microsoft_graph_api/".
or
Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!
API permission: You also need to grant the appropriate permissions for Microsoft Graph. Go to Api permission. Click on Add permission, and select Microsoft Graph. Choose Delegated Permission, then add either SMTP. Send, IMAP.AccessAsUser.All or both, depending on your requirements:
Client id: See at App Registration -> Overview -> Application (client) ID
!!!Warning: Make sure that the user's SMTP AUTH is enabled, otherwise SMTP authentication will fail. You can view the official documentation here: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.
Office 365: Navigate to the Microsoft 365 Admin Center (Link). Select the user and enable SMTP authentication. SMTP authentication will fail if this setting is not enabled.
Note: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).
SMTP settings
Enter the SMTP server address used for sending emails, such as smtp.office365.com, using the default port 587.
In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.
Provide the Client Id and Secret (from Azure App Registration) and "common" for the tenant input field.
Click on the OK button, and allow CrushFTP to have access to send email. Make sure you sign in with the Microsoft Account which has permission to send emails (Configured on Azure's App Registration)!!! (SMTP.send is user-specific permission) As the end of the result, the SMTP Username and Password will fill the Client ID and the Refresh Token.
It is required to provide the email from the address too. !!!The Email From address must match the signed-in Microsoft user's email address (the Microsoft Account used to gain the refresh token) otherwise, the SMTP authentication will fail.
Make sure the IMAP protocol is enabled for the user. See the description: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access.
Office 365:Navigate to the Microsoft 365 Admin Center. https://admin.microsoft.com/Adminportal/Home?#/homepage. Select the user and enable the IMAP protocol at "Manage email apps".
Provide the host and click on the Get Refresh Token button.
In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.
Because the email address is essential after you got the refresh token, the Mail Username input field needs to be modified.
Put your email address ended with a tilde(~) at the beginning of the Mail Username input field.
!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:
• login.microsoftonline.com
Microsoft Graph Application Registration
#
This requires a Microsoft Graph application registration. Start by visiting the Microsoft Azure portal: Link
Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.
The Redirect URL must end with "register_microsoft_graph_api/".
http://localhost:9090/register_microsoft_graph_api/
or
https://your.crushftp.domain.com/register_microsoft_graph_api/
Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!
API permission: You also need to grant the appropriate permissions for Microsoft Graph. Go to Api permission. Click on Add permission, and select Microsoft Graph. Choose Delegated Permission, then add either SMTP. Send, IMAP.AccessAsUser.All or both, depending on your requirements:
Client id: See at App Registration -> Overview -> Application (client) ID
!!!Warning: Make sure that the user's SMTP AUTH is enabled, otherwise SMTP authentication will fail. You can view the official documentation here: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online
.Office 365: Navigate to the Microsoft 365 Admin Center (Link
). Select the user and enable SMTP authentication. SMTP authentication will fail if this setting is not enabled.Note: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).
SMTP settings
#
Enter the SMTP server address used for sending emails, such as smtp.office365.com, using the default port 587.
smtp.gmail.com:587
Click on the "Get Refresh Token" button.In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.
Provide the Client Id and Secret (from Azure App Registration) and "common" for the tenant input field.
Click on the OK button, and allow CrushFTP to have access to send email. Make sure you sign in with the Microsoft Account which has permission to send emails (Configured on Azure's App Registration)!!! (SMTP.send is user-specific permission) As the end of the result, the SMTP Username and Password will fill the Client ID and the Refresh Token.
It is required to provide the email from the address too. !!!The Email From address must match the signed-in Microsoft user's email address (the Microsoft Account used to gain the refresh token) otherwise, the SMTP authentication will fail.
PopImapTask#
Make sure the IMAP protocol is enabled for the user. See the description: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access
.Office 365:Navigate to the Microsoft 365 Admin Center. https://admin.microsoft.com/Adminportal/Home?#/homepage
. Select the user and enable the IMAP protocol at "Manage email apps".Provide the host and click on the Get Refresh Token button.
In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.
Because the email address is essential after you got the refresh token, the Mail Username input field needs to be modified.
Put your email address ended with a tilde(~) at the beginning of the Mail Username input field.
Mail Username : <<your email address>>~<<what was before>>
Add new attachment
Only authorized users are allowed to upload new attachments.
List of attachments
| Kind | Attachment Name | Size | Version | Date Modified | Author | Change note |
|---|---|---|---|---|---|---|
png |
auth_smtp_office_365.png | 44.1 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
client_id.png | 92.7 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
enable_access_token.png | 50.3 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
ms_client_secet.png | 88.6 kB | 2 | 03-May-2025 02:37 | krivacsz | |
png |
new_registration.png | 86.9 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
new_secret.png | 138.7 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
permission_final.png | 209.0 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
permission_microsoft_graph.png | 182.9 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
pop_imap_task.png | 141.8 kB | 3 | 14-May-2025 02:49 | krivacsz | |
png |
register_app.png | 230.6 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
smtp_from_email.png | 50.3 kB | 1 | 05-Dec-2023 05:32 | krivacsz | |
png |
smtp_get_refresh_token.png | 44.7 kB | 2 | 05-Dec-2023 05:32 | krivacsz |
«
This particular version was published on 07-May-2025 02:22 by krivacsz.
G’day (anonymous guest)
Log in
CrushFTP11 | What's New
- WebInterface
- Server Admin
- User Manager
- Client Apps
- CrushBalance Load Balancer
- High Availability
- Self Registration
- Preferences
- Email Templates
- Restrictions
- Replication
- Banning
- Logging
- Encryption
- Alerts
- Folder Monitor
- Tunnels
- Syncs
- User Config
- Search Config
- Preview
- Misc
- Plugins
- Manage Shares
- PGP
- Telnet
- FAQ
- API
- Linux Install
- Virtual Linux Server
- Server Variables
- Google Authenticator and Microsoft Authenticator
- AS2 EDI
JSPWiki