16 October 2025

Configure SMTP Authentication

Configure SMTP authentication to enable ebs to send emails through Microsoft Exchange Online or Office 365. To configure SMTP authentication you must configure an app registration with permissions in Microsoft Entra ID, define the required Institution Settings in ebs: central, and the OAuth authentication credential type.

Microsoft Entra ID and Exchange Online

To use SMTP authentication with OAuth in Microsoft Exchange Online or Office 365, you must register an application in Microsoft Entra ID and assign the required permissions to enable email sending. For detailed instructions, go to Authenticate an IMAP, POP or SMTP connection using OAuth.

Configure Microsoft Entra ID as follows:

  1. Create an app registration in Microsoft Entra ID. For more information, go to Register an application in Microsoft Entra ID.

  2. Grant Office 365 Exchange Online application permissions for SMTP.send and full_access_as_app. For more information, go to Use client credentials grant flow to authenticate SMTP, IMAP, and POP connections.

  3. Grant tenant administrator access. For more information, go to Overview of permissions and consent in the Microsoft identity platform.

  4. Create a new service principal in Exchange Online as follows, New-ServicePrincipal -AppId <APPID> -ObjectId <OBJECTID>.

  5. Create a new shared mailbox and grant permissions to the service principal created in step four as follows, Add-MailboxPermission -Identity <MAILBOX> -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess.

Institution Settings

Define the required Institution Settings for SMTP authentication. On ebs Central, go to Institution Settings > Email SMTP, and then define the fields as described in the table Email SMTP.

Email SMTP
Field Notes
From email address Define the email registered in your Entra ID registration that has the ability to send messages through SMTP.
SMTP mail server for sending emails The value for Microsoft Exchange Online is, smtp.office365.com.
SMTP application OAuth credential type This should be set to OAuth.
SMTP application directory tenant Id The tenant ID of your registered application from Microsoft Entra ID.
SMTP application registration client Id The client ID of your registered application from Microsoft Entra ID.
SMTP mail server port The suggested value from Microsoft is port 587.
SMTP application OAuth permissions scopes This should be set to https://outlook.office365.com/.default.
SMTP mail server uses SSL This should be set to Y.
Note that you may also need to configure additional institution settings for email. For more information, go to Email SMTP Institution Settings.

OAuth authentication credential type

Microsoft supports two OAuth authentication credential types, client secret or certificate password, that can be defined in ebs as follows:

Client secret

Define the required Institution Settings. On ebs Central, go to Institution Settings > Email SMTP, and then enter the client secret from the registered application in the SMTP mail server field.

Certificate password

Upload a valid private key certificate, on ebs: central go to System > Options > SMTP. Note that you must also enter the certificate password.