Odoo is compatible with Microsoft’s Azure OAuth for Microsoft 365. In order to send and receive secure emails from a custom domain, all that is required is to configure a few settings on the Azure platform and on the back end of the Odoo database. This configuration works with either a personal email address or an address created by a custom domain.
Setup in Microsoft Azure Portal
Create a new application
To get started, go to Microsoft’s Azure Portal. Log in with the Microsoft Outlook Office 365 account if there is one, otherwise log in with the personal Microsoft account. A user with administrative access to the Azure Settings will need to connect and perform the following configuration. Next, navigate to the section labeled Manage Azure Active Directory.
Now, click on Add (+), located in the top menu, and then select App registration. On the Register an application screen, rename the Name to Odoo or something recognizable. Under the Supported account types section select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
Under the Redirect URL section, select Web as the platform, and then input https://<odoo base url>/microsoft_outlook/confirm in the URL field. The Odoo base URL is the canonical domain at which your Odoo instance can be reached in the URL field.
After the URL has been added to the field, Register the application so it is created.
API permissions
The API permissions should be set next. Odoo will need specific API permissions to be able to read (IMAP) and send (IMAP) emails in the Microsoft 365 setup. First, click the API permissions link, located in the left menu bar. Next, click on the (+) Add a Permission button and select Microsoft Graph under Commonly Used Microsoft APIs. After, select the Delegated Permissions option.
In the search bar, search for the following Deregulated permissions and click Add permissions for each one:
SMTP.Send
IMAP.AccessAsUser.All
Note
The User.Read permission will be added by default.
Assign users and groups
After adding the API permissions, navigate back to the Overview of the Application in the top of the left sidebar menu.
Now, add users to this application. Under the Essentials overview table, click on the link labeled Managed Application in Local Directory, or the last option on the bottom right-hand side of the table.
In the left sidebar menu, select Users and Groups. Next, click on (+) Add User/Group. Depending on the account, either a Group and a User can be added, or only Users. Personal accounts will only allow for Users to be added.
Under Users or Groups, click on None Selected and add the users or group of users that will be sending emails from the Microsoft account in Odoo. Add the users/groups, click Select, and then Assign them to the application.
Create credentials
Now that the Microsoft Azure app is set up, credentials need to be created for the Odoo setup. These include the Client ID and Client Secret. To start, the Client ID can be copied from the Overview page of the app. The Client ID or Application ID is located under the Display Name in the Essentials overview of the app.
Next, the Client Secret Value needs to be retrieved. To get this value, click on Certificates & Secrets in the left sidebar menu. Then, a Client Secret needs to be produced. In order to do this, click on the (+) New Client Secret button.
A window on the right will populate with a button labeled Add a client secret. Under Description, type in Odoo Fetchmail or something recognizable, and then set the expiration date. (After expiration date the service for the secret key will be ended; so be sure you selected proper date to keep service alive!)
Next, click on Add when these two values are entered. A Client Secret Value and Secret ID will be created. It is important to copy the Value or Client Secret Value into a notepad as it will become encrypted after leaving this page. The Secret ID is not needed.
After these steps, the following items should be ready to be set up in Odoo:
- A client ID (Client ID or Application ID)
- A client secret (Value or Client Secret Value)
This completes the setup on the Microsoft Azure Portal side.