Azure OAuth 2.0 Setup and Configuration for ThingWorx Mail Integration
OAuth 2.0 authentication for Azure mail setup requires some operations within the Azure portal prior to configuring ThingWorx.
An application entity is used to enable unattended authentication using the OAuth 2.0 Client Credentials flow.
 |
Initial Setup for Azure
1. Create an app registration in Entra (formerly Azure AD).
2. Add AccessAsApp permissions for SMTP and POP.
3. Create a private key and certificate pair for authenticating the application.
◦ The certificate does not need to be issued by a trusted certificate authority. You can use a self-signed certificate with a long expiration date.
4. Register the application with Exchange. See Microsoft documentation.
Configure ThingWorx Mail Entity
1. SMTP server—smtp.office365.com, port 587, use TLS
2. POP server—outlook.office365.com, port 995, use SSL
3. Select—Use OAuth 2.0
4. OAuth provider—azure
5. Access-token URL—https://login.microsoftonline.com/.onmicrosoft.com/oauth2/v2.0/token (replace with your subscription name)
6. Client ID—from app registration
7. Client certificate—Paste PEM-formatted certificate
8. Certificate key—Paste PEM-formatted private key
9. Select—Use two-line XOAUTH2 format