目的

Microsoft Exchange Online is deprecating basic authentication according to the information in their Exchange Team Blog. 

Jira has been supporting OAuth with IMAP but has recently included the same support for POP3 and SMTP (for outgoing mail). 

OAuth 2.0 support for POP3 mailboxes has been added to the following Jira versions: 8.5.12, 8.13.4, and 8.15.0.

OAuth 2.0 support for Microsoft SMTP outgoing mail has appeared in Jira 9.2.0 and will be available in the next versions.

ソリューション

Since POP3 for Microsoft Exchange Online isn’t listed as an option for a service provider setting, you should select Microsoft Exchange Online / Outlook (IMAP) in your incoming mail server configuration.

To create the working configuration, you should

1. Add Microsoft as a new integration for OAuth 2.0 in Jira

2. Generate a correct OAuth 2.0 key and secret in Azure

3. Complete the incoming mail server configuration in Jira with the new server

To complete these steps, follow the instructions in this document.

Add Microsoft as a new OAuth 2.0 integration

To add Microsoft as a new integration for OAuth 2.0, check the Jira version you’re using and follow the corresponding instructions.

Jira 8.22 以降

Follow the instructions on configuring an outgoing link

Jira 8.21 and older

1. Go to Administration > System > OAuth 2.0.

2. Select Add new integration.

3. In the Service Provider field, select Microsoft.

4. In the Redirect URL field, select Copy.

5. Generate an OAuth key and secret in Azure and go back to Jira. See the following instructions.

Learn more about Jira integration with OAuth 2.0

Generate an OAuth 2.0 key and secret in Azure

To get an OAuth key and secret in Azure:

1. Login to https://portal.azure.com/.

2. Select App registrations.

3. Select New registration.

4. Enter a friendly, easy-to-identify name.

5. Under Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).

6. Under Redirect URI, select Web and insert the URL retrieved previously

7. Select Register.

8. Select API permissions.

9. Select Add a permission.

10. Select Microsoft Graph.

11. Select Delegated permissions.

12. 以下のパーミッションを選択します:

    1. OpenId permissions: offline_access

    2. IMAP: IMAP.AccessAsUser.All

    3. POP: POP.AccessAsUser.All

13. Select Add permissions.

14. Select Grant admin consent for.

15. In the left menu, select Certificates & secrets.

16. Select New client secret.

17. Enter a description and select an expiration date.

18. Save the generated Value. You’ll use it as the Client secret in Jira. You’ll see the Value only once.

19. Select Overview.

20. Save the Application (client) ID. You’ll use it as the Client ID in Jira.

21. Go back to Jira and complete the configuration by inserting the following details:

    1. Client ID from step 20

    2. Client secret from step 18

    3. Scopes: "https://outlook.office.com/IMAP.AccessAsUser.All", "https://outlook.office.com/POP.AccessAsUser.All" and "offline_access"

22. 保存 を選択します。

23. Test the connection.

If the connection is successful, proceed with the following steps.

Optionally, check the Microsoft doc on how to get the Client ID and secret.

Complete the OAuth configuration in Jira

To complete the OAuth 2.0 configuration, on your Jira instance:

1. [管理] > [システム] の順に移動します。

2. Under Mail, select Incoming mail.

3. In the Mail servers section, select Add mail server.
   

4. In the Service Provider field, select Microsoft Exchange Online / Outlook (IMAP) even though you are using a POP3 account.
   
   

5. In the Username field, insert the email address used by Jira.

6. In the Authentication method field, select the newly created server.    

7. Select Authorize and log in to Microsoft using the user account that is associated with the mailbox being configured. 

8. Select Test Connection to ensure that it’s successful.

9. [保存] を選択します。