The aim of this article is to help you how to set up Azure for Office365/Outlook email integration in Bold360 with the OAuth 2.0 authentication method.
 

Step 1: Set up an Outlook email account

It is possible to integrate both normal mailboxes and shared mailboxes with Genesys DX.

POP3 and IMAP is enabled by default, but Authenticated SMTP is not. The following guide will help you to enable it for both normal and shared mailboxes.

Note: The password for this account is necessary for the authentication process. Make sure you have the email account configured and the password at hand!

 Mailbox SMTP configuration

1. Go to admin.microsoft.com.
2. Go to Users > Active users.
3. Add a new user or select an existing user.
   
4. Click on Mail.
   
5. Click on Manage mail apps.
   
6. Make sure that the desired email receiving protocol and Authenticated SMTP is allowed (Authenticated SMTP is NOT allowed by default).
   

Shared mailbox configuration

1. Go to admin.microsoft.com.
2. Go to Teams & Groups > Shared mailboxes.
   
3. Add a mailbox or note the name of the mailbox you are going to use.
4. Go to Users > Active Users and find the account corresponding to the shared mailbox. The user is automatically created when you create a shared mailbox.
   
5. Select the user.
6. Click Licenses and apps.
   
7. Add a license for an Outlook 365 or AD app.
   If you do not have the correct license, the following error message will appear in the next step: This user doesn't have an Exchange Online license.
8. Go to the Mail tab.
   
9. Click on Manage email apps.
   
   Make sure that the desired email receiving protocol and Authenticated SMTP is allowed (Authenticated SMTP is NOT allowed by default).
   
10. Click  Save changes.
11. Click the Back button.
    

Note: If you want, you can create a password for the created user, but it is not required.

Add a user to a shared mailbox

1. Go to admin.microsoft.com.
2. Go to Teams & Groups > Shared mailboxes.
   
3. Select the relevant shared mailbox.
4. Click Edit under Members.
   
5. Click Add members and select the users you wish to add to the shared mailbox.
   

Step 2: Register an app

You have to register an application in Azure for the authentication process. One app registration can be used with several mailboxes in Genesys DX.

1. Login into Azure portal (https://portal.azure.com) with your credentials.
2. Select Azure Active directory on the Home Screen.
   
3. Select Application registrations.
   
4. Select New registrations.
   
   • Specify a name.
   • Select Single tenant.
   • Select Web as platform.
   • Enter the Redirect URL: https://admin.bold360.com/email/authorize
     
5. After a successful registration you can see the details of the application.
   

Note: if you are troubleshooting an existing configuration, make sure that the platform is set to Web in the Authentication tab, where you also have to set the Redirect URL.
 
If the platform is not set to Web, remove the platform, and add a new "Web" platform. Checkboxes are not necessary.

Step 3: Get the secret key

A secret key is necessary for the authentication process.

1. Go to Certificates & Secrets in the Azure application page.
   
2. Click the New Client Secret button.
   
3. The description and the expiration time are arbitrary. Click on Add to continue.
   
4. After a successful generation the new client secret is visible. Make sure to grab the Value and not the ID (the secret's ID is not needed). 
   

Step 4: Set the API permissions

In order that Genesys DX be able to receive emails and send emails through your mailboxes, you have to enable specific API permissions for the Azure app.

1. Go to API permissions in the Azure application page.
   
2. Click on Add a permission.
   
3. Select Microsoft Graph.
   
4. Select Application permissions.
   
5. Search for "mail", then select Mail.ReadWrite and Mail.Send, then click Add permissions.
   
6. Default status for the permissions is Not granted for.... Click Grant admin consent for... 
   
7. Once the consent has been granted, statuses reflect the correct state.
   

Note: App permission changes might take up to 30 minutes to take effect. You might get an error in Genesys DX if you try to connect when the permissions are still not applied. 

Step 5: Genesys DX email account configuration

Email in Genesys DX operates like an email client application on a desktop (for example, Microsoft Outlook or Mozilla Thunderbird). This means that incoming email messages are received by and stored on your email server (Office 365 in our case). Genesys DX periodically synchronizes with the server and downloads any new emails from the email server.

1. Go to admin.bold360.com, navigate to Channels > Email > Email accounts and click Create New.
   
2. Create a new account:
   • Configuration name - arbitrary name only visible for Genesys DX users.
   • Sender email address - arbitrary email address that will show up as the sender email address in emails sent from this Genesys DX email account. This is not used in the authentication.
   • Friendly sender name - arbitrary name that will show up as the sender name in emails sent from this Genesys DX email account. This is not used in the authentication. 
   • Email client - MS Office 365.
   • User name - The full email address of the Outlook mailbox where the incoming emails will be downloaded from. 
   • Server, Port, Secure connection (SSL) and Server type - users typically choose IMAP with SSL. The official Office 365 server names and ports can be found in the following link: https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353
   • Folder - the folder in the Office 365 mailbox there the incoming emails are to be downloaded from. The Refresh folder list button will only be operational after you authorize. 
   • Tenant ID, Client ID and Client secret (value) - from the AD application 
   • Outgoing server - outgoing emails can be sent from Genesys DX mail servers, or there is an option to use a custom SMTP server. The Office 365 SMTP server settings can be found under the link in step F. 
     
3. Click Save to go back to the Email Accounts page. Click on Authorize for the account you have just set up.
   
4. A popup browser window appears with a Microsoft login page. Log in with with the email account of the mailbox.
   
   Note: if the mailbox is a shared mailbox, make sure to activate it's user in the Microsoft 365 admin center, and allow Authenticated SMTP in the Manage email apps settings menu. 
5. Once the authorization is done, click on the Test button. It might take around 30 seconds for the tests to go through (it tests the POP3/IMAP and SMTP connections).
   
6. If the test was successful, a message appears under the button. From now on, incoming emails are visible in the Agent Workspace at agent.bold360.com.