26 November 2025

Configure SMTP Authentication

Configure SMTP authentication to enable ebs to send emails through Microsoft Exchange Online or Office 365. To configure SMTP authentication you must configure an app registration with permissions in Microsoft Entra ID, define the required Institution Settings in ebs: central, and the OAuth authentication credential type.

Before configuring SMTP Authentication, you must ensure that you have administrative access to Microsoft Entra ID and Exchange Online.

Configure SMTP authentication as follows:

Microsoft Entra ID

To use SMTP authentication with OAuth in Microsoft Exchange Online or Office 365, you must register an application in Microsoft Entra ID and assign the required permissions to enable email sending. For detailed instructions, go to Authenticate an IMAP, POP or SMTP connection using OAuth.

Configure Microsoft Entra ID as follows:

  1. Create an app registration in Microsoft Entra ID. For more information, go to Register an application in Microsoft Entra ID.

  2. On ebs: central, go to Institution Settings > Email SMTP and define the following fields:

    • SMTP application directory tenant Id that is the Directory (tenant) ID from Microsoft Entra ID.

    • SMTP application registration client Id that is the Application (client) ID from Microsoft Entra ID.

  3. Define the Office 365 Exchange Online application permissions for SMTP.SendAsApp and full_access_as_app. For more information, go to Use client credentials grant flow to authenticate SMTP, IMAP, and POP connections.

  4. Grant tenant administrator access. For more information, go to Overview of permissions and consent in the Microsoft identity platform.

    On granting the application permissions, the status updates to Granted, as shown in the image below.

    API permissions for Entra ID

Exchange Online

The following section requires the use of the Exchange Online PowerShell module, along with the appropriate administrative access.

You must register your Entra application's service principal in Exchange using Exchange Online PowerShell. Before completing the steps below you should carefully read the detailed instructions from Microsoft for registering service principals in Exchange.

  1. Create a new service principal in Exchange Online.

  2. Give the new service principal access to the mailbox that will be used to send emails.

    Note that this email address must match the From email address in the ebs Institution Settings for Email SMTP.

Institution Settings

Define the required Institution Settings for SMTP authentication. On ebs Central, go to Institution Settings > Email SMTP, and then define the fields as described in the table Email SMTP.

Email SMTP
Field Notes
From email address Define the email registered in your Entra ID registration that has the ability to send messages through SMTP.
SMTP mail server for sending emails The value for Microsoft Exchange Online is, smtp.office365.com.
SMTP application OAuth credential type This should be set to OAuth.
SMTP mail server port The suggested value from Microsoft is port 587.
SMTP application OAuth permissions scopes This should be set to https://outlook.office365.com/.default.
SMTP mail server uses SSL This should be set to Y.
Note that you may also need to configure additional institution settings for email. For more information, go to Email SMTP Institution Settings.

OAuth authentication credential type

Microsoft supports two OAuth authentication credential types, client secret or certificate password, that can be defined in ebs as follows:

Client secret

Define the required Institution Settings. On ebs Central, go to Institution Settings > Email SMTP, and then enter the client secret from the registered application in the SMTP mail server password field.

Certificate password

Upload a valid private key certificate, on ebs: central go to System > Options > SMTP. Note that you must also enter the certificate password.