ripMail

ripMail oAuth2 Integration Guide

Support for Office 365, Outlook.com, Exchange Cloud

Important Notice

Provisioning and configuring the App Registration in Azure AD falls outside the scope of Raw Data, Inc. Software Support.
Please consult your local IT or a qualified Windows technician. This guide may not reflect the latest Microsoft UI changes regarding permission locations.

Problem Statement

As of October 2022, Microsoft has deprecated basic authentication for mailbox access.
riMail will now support oAuth integration.

Solution Overview

To enable oAuth2 authentication with Microsoft services:

  • Have your Azure / Office 365 admin:
    • Create a new App Registration for ripMail.
    • Configure API permissions.
    • Generate and share authentication credentials.

⚠️ Note: The ripMail App Registration does not require a redirect URI.

Required API Permissions

The App Registration must include:

  • Microsoft Graph: EWS.AccessAsUser.All
  • Microsoft Graph: full_access_as_app
  • Office 365 Exchange Online: full_access_as_app

If these permissions cannot be provisioned, contact your Azure / Office 365 admin or Microsoft support.

Authentication Credentials

Your admin must provide:

  • Client ID (Application ID)
  • Tenant ID (Directory ID)
  • Client Secret

⚠️ Note: The Client Secret is only visible at creation. Record it securely, it cannot be retrieved later.

ripMail Configuration

To configure ripMail for oAuth2:

  1. Use the Exchange email import option.
  2. Server address: https://outlook.office365.com/ews/exchange.asmx
  3. Enter a valid email address in the User Account field.
  4. Enable the oAuth2 option.
  5. Provide the Tenant ID, Client ID, and Client Secret.

⚠️ Note: Passwords are not used with oAuth2.

Click Test to verify the configuration. If it fails:

  • Confirm the credentials are correct.
  • Ensure the email address is valid.
  • Review authentication logs with your admin.

🔎 The Client Secret is a random alphanumeric string (often includes ~), not a GUID.

Workflow Updates

Each ripMail workflow importing from Exchange must be updated to use oAuth2.

If upgrading is not possible:

  • Set up mailbox forwarding rules.
  • Forward emails to a mailbox compatible with your current ripMail version.

ripMail Engine Behavior

ripMail now permanently deletes imported emails from the inbox.

To retain originals:

  • Create a rule to backup all incoming emails.
  • Leverage ripMail email routes for internal archiving.

Microsoft Access Control

To restrict access to specific mailboxes:

  • Use mailbox-level permission: Mail.ReadWrite
  • Apply this to each mailbox ripMail will import from.
  • Create an ApplicationAccessPolicy with limited permissions.

These steps must be performed by your Azure / Office 365 admin. Raw Data support cannot assist with this.