451 43 2 Please Try Again Later Office 365

Microsoft 365 supports connecting toOutlook 365 via OAuth2 with Say-so Code grant type. This web log provides a step by step description on how yous can connect from SAP Cloud Integration to a mail service account in Outlook 365 via OAuth2  with Authority Code grant type, using either the protocol SMTP for sending e-mails or the protocol IMAP for reading e-mails.

Prerequisites

When connecting to Microsoft Outlook 365 with OAuth2, you need to take an organizational directory/tenant in Microsoft Azure Active Directory and a user in this directory which has a subscription to Outlook 365. The following screen shot shows an instance of such a user in the Azure Active Directory with proper noun "testusermail" which has the license  "Commutation Online (Plan1)".

For the configuration tasks in the Azure Agile Directory, you besides need a user with the "Application administrator" and the "Awarding programmer" role.

Furthermore, y'all need a SAP Deject Integration tenant on which you have a user with the "Integration Developer" part. If you only have a user with the "Administrator" part, you can do all the configurations mentioned beneath in SAP CPI, except for the last two configurations in the integration flow.

The new functionality is available with the release update at cease of August 2020.

Yous have to use the sender mail adapter version 1.viii or college and the receiver mail service adapter version 1.9 or higher. If you use older adapter versions in your integration flows, yous have to delete these adapters and recreate them.

Setup

To fix up the OAuth2 connexion for reading and sending e-mails with SAP Cloud Integration, practice the following steps:

• Determine Redirect URI
• Create OAuth Client/App in Microsoft Azure Active Directory
• Create OAuth2 Authorization Code Credential in your SAP Cloud Integration tenant
• Configure Mail Sender Adapter in your integration flow
• Configure Postal service Receiver Adapter in your integration flow

Determine Redirect URI

When you log into the SAP Deject Integration Spider web-UI, you see your host name in the browser address field:

https://<host name>/itspaces

Apply the <host proper name> to construct the following redirect URI:

https: //<host name>/itspaces/odata/api/v1/OAuthTokenFromCode

You lot need this redirect URI in the side by side step.

Create OAuth Customer/App in Microsoft Azure Active Directory

1. Log into your Azure tenant by using https://portal.azure.com/
2. Select "App registrations" under "Azure services".
   
3. Click on "New registration", provide a name for your app and enter the redirect URI y'all determined at the beginning. Do not change the default setting for the "account types" ("Accounts in this organizational directory merely"). After that, select "Register".

Salvage the Application (client) ID anywhere on your local desktop. You volition demand this ID later to configure the OAuth2 Credential in CPI.

4. Choose "Certificates & secrets" in the bill of fare on the left.

5. Select "New client secret", choose your preferred expiry period ("In 1 year", "In 2 years" or "Never"). Optionally, you can as well add together a description. When y'all're washed, select "Add".

Remark: Before the cloak-and-dagger expires you have to create a new hole-and-corner and transfer the new secret to the SAP CPI OAuth2 Authorization Code credential (come across below).

half-dozen. Employ the "Re-create to clipboard" push button to recollect the created secret (yous will demand this later to configure the OAuth2 credential in CPI).

7. Go back to the "Overview" view of the app and select the "Endpoints" tab.

Copy the "OAuth 2.0 authorization endpoint (v2)" and the "OAuth two.0 token endpoint (v2)" to your local desktop. Yous need these values later for the cosmos of the OAuth2 credential in Cloud Integration.

Create an OAuth2 Potency Code Credential in SAP CPI Tenant

1. Log into your Deject Integration tenant via the URL https://<host name>/itspaces. Change to the "Operations View" (printing the center icon), and select the "Security Materials" tile. Select the "Create" button and choose "OAuth2 Authorization Code".
   
2. Enter a name for the Credential and the "Say-so URL", "Token Service URL", "Customer ID", and "Client Hole-and-corner" from your Microsoft App.
   Enter as well a "User Name". This is the e-mail accost of the user whose post resources you desire to access in an integration menstruum. This user must exist in the aforementioned Microsoft Azure directory/tenant every bit the App created and must have an Outlook 365 account.
   
   
   Enter the necessary scope (run across https://docs.microsoft.com/en-us/exchange/client-programmer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-awarding-by-using-oauth#go-an-access-token):
   – "https://outlook.function.com/IMAP.AccessAsUser.All" for accessing e-mails
   – "https://outlook.part.com/SMTP.Send" for sending e-mails
   
   Additionally, you need the scope "offline_access" for creating refresh tokens  (if this scope is non added, SAP Cloud Integration volition add this telescopic automatically). The scopes must be separated by a space.
   
   The default value for the Refresh Token Decease is set to 90 days for "Microsoft 365" (see: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-lifetimes). Nevertheless, if the death time was changed for your Microsoft tenant, then you have to accommodate this value. After clicking on the "Deploy" push, yous see the newly created "OAuth2 Authorization Lawmaking" credential in the list of Security Materials in status "Unauthorized".
   
3. Select the iii dots in the entry with the created credential and choose the "Qualify" option.
   A confirmation pop-upward will come up. Select "Continue":
   A Microsoft login screen appears. Enter the countersign of the user you lot specified in the OAuth2 credential:
   
   Afterward you've selected "Sign in", a further pop-up comes up, indicating the requested permissions required by the app:
   

   Select "Accept". You lot should get a success message:
   
   Render  to your previous browser folio and refresh the Security Materials listing (button "Reload content"). The state of the "OAuth2 Authority Code" credential changed to "Deployed":
   

   Now, with condition "Deployed", the credential can be used by the mail adapters.

Configure the Mail service Sender Adapter in an Integration Menses

Nosotros assume that yous are familiar with the Integration Flow modeling in SAP Deject Integration, and provide hither only configuration details for the OAuth2 configuration in the mail adapter.

Be aware that the adapter version must be at to the lowest degree one.8 (you see the version if you press the i button, see screen shot below). If your adapter has a lower version, then you have to delete the adapter and recreate the adapter (this will automatically utilize the newest version).

If you desire to receive mails, you configure the Mail service Sender Adapter with the created OAuth2 Credential. In the cosmos dialog for the Mail sender adapter, you have to chose the ship protocol "IMAP4" (nosotros do not support OAuth2 for POP3). Enter the Address value "outlook.office365.com:993". In the "Connection" tab, choose "OAuth2 Dominance Lawmaking" equally "Authentication". Protection must be divers every bit "IMAPS" for Microsoft 365.

Configure the Mail service Receiver Adapter in an Integration Flow

Be aware that the receiver adapter version must be at to the lowest degree one.9 (you see the version if you press the i button, see screen shot below). If your adapter has a lower version, and then y'all accept to delete the adapter and recreate the adapter (this will automatically use the newest version).

If you lot desire to ship mails, you lot need to configure the Mail Receiver adapter. Enter the Accost value "smtp.office365.com:587".  Enter  "OAuth2 Say-so Code" for "Hallmark" in the "Connection". Protection must be divers as "STARTTLSMandatory" for Microsoft 365.

Limits and Scope

• SAP Cloud Integration does not support the authentication with OAuth2 for the Popular protocol. If you are currently using the POP protocol in the mail sender adapter, you can switch to the IMAP protocol in order to apply the OAuth2 authentication.
• The maximum number of OAuth2 Authorization Code credentials in a Cloud Integration tenant is limited to 500.
• Microsoft does not support OAuth2 for personal e-mail accounts ending in "outlook.com".

mosspromento.blogspot.com

Source: https://blogs.sap.com/2020/08/20/cloud-intgration-connect-to-microsoft-365-mail-with-oauth2/

Share this post