OAuth 2.0 authentication for email providers
Secure your email integration with third-party email providers by storing your access tokens in a Pega OAuth 2.0 authentication profile. With your email provider access tokens stored, your application can send and receive emails from Microsoft Graph accounts, and send emails from Google Mail accounts.
For details on how to configure an OAuth 2.0 authentication profile, see Configuring an OAuth 2.0 authentication profile.
The following sections specify the information that you need from your email provider before creating an OAuth 2.0 authentication profile in Pega Platform:
Microsoft Graph for inbound and outbound emails
Your application must have an access token to call Microsoft Graph. The access token specifies the permissions that your application needs so that it can use Microsoft Graph. You obtain the access token by registering your application in the Microsoft Azure portal. For more information, see your Microsoft Azure developer documentation.
Make sure that you grant the appropriate permissions in the application that you registered in the Microsoft Azure portal. The permissions that you grant depend on your email configuration in Pega Platform, as shown in the following table:
Configuration choices | Mail.Send | User.Read | Mail.ReadWrite |
Use Microsoft Graph to send emails from Pega Platform. | ✔ | ✔ | ✔ |
Use Microsoft Graph to receive emails in Pega Platform. | ✔ | ✔ | |
Use Microsoft Graph to both send and receive emails in Pega Platform. | ✔ | ✔ | ✔ |
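The table above lends itself to a least-privilege check. The following is an added example, not Pega or Microsoft code. It compares the permissions carried in an access token against the set that the table lists for a chosen configuration. It assumes that the token is a JWT that exposes delegated permissions in the `scp` claim and application permissions in the `roles` claim. The configuration labels and the sample token are constructed for illustration.

```python
import base64
import json

# Required permissions per configuration, copied from the table on this page.
# The dictionary keys are hypothetical labels for the three table rows.
REQUIRED = {
    "send": {"Mail.Send", "User.Read", "Mail.ReadWrite"},
    "receive": {"Mail.Send", "User.Read"},
    "send_and_receive": {"Mail.Send", "User.Read", "Mail.ReadWrite"},
}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def granted_permissions(access_token: str) -> set:
    """Read permissions from the token payload. The signature is not checked:
    this audits a configuration, it does not validate a token."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    delegated = set(claims.get("scp", "").split())  # space-separated string
    application = set(claims.get("roles", []))      # JSON array
    return delegated | application


def audit(access_token: str, configuration: str) -> dict:
    """Report permissions that are missing or beyond what the table requires."""
    required = REQUIRED[configuration]
    granted = granted_permissions(access_token)
    return {"missing": sorted(required - granted),
            "excess": sorted(granted - required)}


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demonstration only."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a receive-only setup granted more than the table lists.
    sample = make_sample_token({"scp": "Mail.Send User.Read Mail.ReadWrite Files.Read.All"})
    print(audit(sample, "receive"))
```

Any entry under `excess` is a permission to remove from the app registration; any entry under `missing` explains a failed send or receive.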
OAuth 2.0 authentication profile configuration for Microsoft Graph
After you register your application with Microsoft Azure, you create an OAuth 2.0 authentication profile with the following required details:
- Client ID
- Client secret from Microsoft Azure
- OAuth 2.0 token endpoint, for example, https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
- Tenant ID
You get the tenant ID when you create a new tenant in the Microsoft Azure portal.
Google Mail for outbound emails
You can send emails from your Google Mail account in Pega Platform by using an OAuth token that is configured with a JSON Web Token (JWT).
To configure the keystore and JWT profile in Pega Platform, obtain the following information from your Google service account for email:
- Download the key pair in the .p12 format.
- Save the password for the key pair.
- Obtain the alias of the key pair by using the following command:
  $ keytool -v -list -keystore <.p12 file>
  Take note of the alias in the property Alias name in the output.
For more information, see your Google developer documentation.
Custom claims for JWT profile configuration
To create a JWT profile in Pega Platform, see Creating a generation JSON Web Token profile. In addition to configuring the standard registered claims, be sure to include the following custom claims in the Custom claims section of your JWT profile.
OAuth 2.0 authentication profile configuration for Google Mail
After you create the JWT bearer profile, create an OAuth 2.0 authentication profile.
- Configuring certificate-based JSON Web Token authentication scheme for Microsoft Graph
Make use of the certificate-based authentication scheme for JSON Web Token (JWT) to securely send and receive emails through Microsoft Graph.