How to Configure Microsoft Graph OAuth 2.0 for Email SMTP

Microsoft Graph OAuth 2.0 SMTP Configuration Guide

Microsoft has deprecated basic SMTP authentication for most tenants. OAuth 2.0 via Microsoft Graph is now the recommended and more secure approach. This setup allows applications to send email without storing mailbox passwords.


Prerequisites:

Before you begin, ensure the following are available:

⚠️ Note: Application permissions require admin consent and cannot be approved by regular users.


Step 1: Register an Application in Microsoft Entra ID

Create App Registration

  • Log in to Microsoft Entra ID

  • Navigate to: Applications → App registrations → New registration

  • Fill in the form:

    • Name: Email OAuth

    • Supported account types: Single tenant

    • Redirect URI: Not required

  • Click Register

Capture App Identifiers

After registration, copy and securely store:

  • Directory (tenant) ID → TENANT_ID

  • Application (client) ID → CLIENT_ID


Step 2: Create a Client Secret

  • Open the registered application

  • Navigate to: Certificates & secrets → Client secrets

  • Click New client secret

  • Define:

    • Description (e.g. SMTP OAuth Secret)

    • Expiration period (recommended: 12 or 24 months)

  • Click Add

⚠️ Important: Copy the Value immediately. It will not be shown again.

  • Client Secret Value → CLIENT_SECRET


Step 3: Assign Microsoft Graph API Permissions

Add Permission

  • Go to API permissions

  • Click Add a permission

  • Select Microsoft Graph

  • Choose Application permissions

  • Search and select:

    • Mail.Send

  • Click Add permissions

  • On the API permissions page, click Grant admin consent

  • Confirm the action

✅ Status should show Granted


Step 4: Configure SMTP Email Settings in the Platform

Once Microsoft-side configuration is complete:

  • Log in to the Web Application Admin Panel

  • Navigate to: Admin → Reseller Settings → SMTP Email Settings

  • Fill in the fields using:

    • Tenant ID

    • Client ID

    • Client Secret

    • Sender mailbox


Testing and Validation

After saving the SMTP settings:

  • Trigger a test email from the platform

  • Confirm:

    • Email is delivered successfully

    • No authentication errors appear

If email fails:

  • Reconfirm Mail.Send permission

  • Ensure admin consent was granted

  • Verify the sender mailbox exists and is licensed


Troubleshooting

Issue: Unauthorized or invalid client

  • Confirm Tenant ID and Client ID are correct

  • Ensure the secret value (not secret ID) is used

Issue: Insufficient privileges

  • Mail.Send permission not granted

  • Admin consent missing

Issue: Emails not received

  • Check spam/junk folder

  • Confirm sender address matches configured mailbox
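
Added example, not part of the original article or the platform's own code: a Python sketch of the standard client-credentials token request and Graph sendMail call that the values from Steps 1 to 4 feed into, plus a diagnostic that decodes an access token's claims to tell the Troubleshooting causes apart. The function names are hypothetical, and the tenant ID, client ID and tokens are constructed placeholders.

```python
import base64, json

GRAPH = "https://graph.microsoft.com"

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request for the app registered in Steps 1-3."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{GRAPH}/.default"}
    return url, form

def sendmail_request(sender, to, subject, text):
    """Graph sendMail call made as the sender mailbox entered in Step 4."""
    url = f"{GRAPH}/v1.0/users/{sender}/sendMail"
    body = {"message": {"subject": subject,
                        "body": {"contentType": "Text", "content": text},
                        "toRecipients": [{"emailAddress": {"address": to}}]}}
    return url, body

def token_claims(access_token):
    """Decode the JWT payload WITHOUT verifying it: for diagnostics only."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diagnose(access_token, tenant_id, client_id):
    """Return problems that map to the causes listed under Troubleshooting."""
    c = token_claims(access_token)
    problems = []
    if c.get("tid") != tenant_id:
        problems.append("token issued by a different tenant (check TENANT_ID)")
    if client_id not in (c.get("appid"), c.get("azp")):
        problems.append("token issued to a different app (check CLIENT_ID)")
    if "Mail.Send" not in c.get("roles", []):
        problems.append("Mail.Send missing from roles (permission or admin consent)")
    return problems

def make_sample_token(claims):  # constructed, unsigned; Graph would reject it
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed placeholder IDs and tokens, not real tenant data.
TENANT, CLIENT = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
GOOD = make_sample_token({"tid": TENANT, "appid": CLIENT, "roles": ["Mail.Send"]})
NO_CONSENT = make_sample_token({"tid": TENANT, "appid": CLIENT})

if __name__ == "__main__":
    print(diagnose(GOOD, TENANT, CLIENT), diagnose(NO_CONSENT, TENANT, CLIENT))
```

Treat the decoded claims as a troubleshooting aid only, and keep CLIENT_SECRET and any real access token out of logs and tickets when running such a check.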




