Skip to main content
Solved

Error during sending Email by Office 365 (Oauth 2.0) using modern authentication

  • 3 November 2022
  • 4 replies
  • 2258 views

Hello,

We are trying to send emails by Office 365 (OAuth 2.0) using modern authentication.

The idea is to use one mail sync account (delegated access) in O365 and use the “send as” function for every user email account. This is configured to every user mail account in the MS admin center. In acumatica the system mail asccount is configured as: mailsync@example.onmicrosoft.com\user@example.onmicrosoft.com

We followed the installation guide: https://help-2022r2.acumatica.com/(W(1))/Help?ScreenId=ShowWiki&pageid=7ea4c814-8b24-4a77-9ae0-9596012fbfab

After creating an External Application and configured the SM204002 according to installation guide

  1. We can log in to O365 (MFA removed) well - checked
  2. We can get new inbound emails (SM204002 Sidepanel) well - checked
  3. If we try to send an email - error

The email cannot be sent because the account you signed in with does not have permission for using the email address specified in the system email account on the System Email Accounts (SM204002) form.

If we try to send (send as) by outlook webmail it works well.
The Microsoft Graph API rights are correct configured:
IMAP.AccessAsUser.All, offline_access and SMTP.Send deligated

Maybe some one has an idea?

 

Best answer by Missy Main

Andy Smith wrote:

Thank you for the response.  Are you saying that if we have, for example, ten system email accounts to set up, each user has to be present and perform the Sign In function on the System Email Accounts screen?  

In other Acumatica email setup scenarios we were able to sign in with an admin account that has delegation rights to the user accounts. 



Hello Andy,

Wanted to let you know that what is being discussed on this post is a highly requested change (really, optimization) for Modern Authentication System Email Accounts. 

At this time this is true, each Email Account must be signed in with, using the Email Address that is specified in the Email Account Record itself within Acumatica. No delegation, send as, send on behalf, or shared mailboxes can be used for this sign in process. 

Because this is such a highly requested change, we have created a community idea while our Engineering team works on this. 

Please please please vote on this idea :) we would really appreciate this

https://community.acumatica.com/ideas/authentication-token-issue-between-acumatica-and-azure-mail-send-vs-smtp-send-12790

 

View original
Did this topic help you find an answer to your question?

Forum|alt.badge.img

We are seeing this same error.  The Trace also shows this error:

PX.Common.IMAP.Client.ImapClientException: BAD User is authenticated but not connected

Were you able to get past this?  Or anyone else have a suggestion?

 


Forum|alt.badge.img

Hi,


When signing into the system email account ensure that you use the same email address that is specified on the system email account.

 

 


Forum|alt.badge.img

Thank you for the response.  Are you saying that if we have, for example, ten system email accounts to set up, each user has to be present and perform the Sign In function on the System Email Accounts screen?  

In other Acumatica email setup scenarios we were able to sign in with an admin account that has delegation rights to the user accounts. 


Forum|alt.badge.img+1
  • Acumatica Support Team
  • December 27, 2022
Andy Smith wrote:

Thank you for the response.  Are you saying that if we have, for example, ten system email accounts to set up, each user has to be present and perform the Sign In function on the System Email Accounts screen?  

In other Acumatica email setup scenarios we were able to sign in with an admin account that has delegation rights to the user accounts. 



Hello Andy,

Wanted to let you know that what is being discussed on this post is a highly requested change (really, optimization) for Modern Authentication System Email Accounts. 

At this time this is true, each Email Account must be signed in with, using the Email Address that is specified in the Email Account Record itself within Acumatica. No delegation, send as, send on behalf, or shared mailboxes can be used for this sign in process. 

Because this is such a highly requested change, we have created a community idea while our Engineering team works on this. 

Please please please vote on this idea :) we would really appreciate this

https://community.acumatica.com/ideas/authentication-token-issue-between-acumatica-and-azure-mail-send-vs-smtp-send-12790

 


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings