Communications Centre – Authorising a Microsoft Account using OAuth
See KB3380 - Setting up a Microsoft mailbox in Communications Centre.
This article covers the Microsoft authorisation journey and steps that may need to be taken by system administrators.
- When the authorisation journey starts, the Microsoft website should load within a TaxCalc window.
-
Enter the email address for the mailbox that you are authorising (this needs to be the same as the email address entered in the previous Mailbox Settings screen in TaxCalc).
-
If this account is recognised by Microsoft, you will then need to enter your password.
- If you have two-factor authentication enabled, you will then have to follow the instructions to approve the log in via authenticator app or email or other. For example:
- If this is the first time you have authorised TaxCalc to connect to your mailbox you should see the following screen asking you to confirm that you are granting access to TaxCalc (once permissions have been created you should not see this again):
-
If you are not an administrator for your Microsoft Office 365 email account then you can click on Accept to continue and complete the authorisation.
-
If you are an administrator, however, you may see the tickbox Consent on behalf of your organisation. You can, optionally, tick this to ensure that other, non-administrator, users in your organisation do not need to complete this step when authorising their mailboxes.
Please Note: If your mailbox administrator has disabled non-administrators from authorising any third party applications then users may see the following screen instead:
If you see this screen then speak to your administrator and see the following information:
Authorising a Microsoft mailbox in Communications Centre with admin approval
Microsoft Office 365 allows administrators to (optionally) prevent users from authorising third party applications.
This setting can be found from within the Identity administration module in Office 365.
- As an administrator for your Microsoft Office 365 account, log into your account at office365.com
- Click on the Admin module on the left menu:
- This should open Office 365 admin centre.
- In the search bar at the top, search for Identity and open up the Identity admin portal.
- Within the Identity (also called Microsoft Entra) admin centre, click on Applications > Enterprise Applications > Consent and permissions:
- You should see the permission options for user consent.
-
Do not allow user consent will prevent any users from authorising TaxCalc Communications Centre themselves, and they will need admin approval – see below.
-
The other options will allow users to authorise TaxCalc Communications Centre to connect to their mailbox.
- If you require admin consent and do not wish to change this then, when a user attempts to authorise a mailbox, after successfully providing their email and password details, they will see this screen within TaxCalc:
- Click on Have an admin account? Sign in with that account and then log in using administrator credentials.
- You will see the following screen asking to grant TaxCalc permissions:
Important note: If you tick the tickbox Consent on behalf of your organisation then you will allow any other users to authorise their own mailboxes in future (just for the TaxCalc application).
-
If you do not grant consent for all then, after completing authorisation you will need to manually grant the consents within Microsoft Identity (Entra) admin centre (see Manually managing user consent below).
-
After clicking Accept the authorisation will be granted but for the admin user, and not necessarily the intended mailbox..
-
After authorising as the admin user, you should see this screen within TaxCalc:
- Because the authorisation, in this case, is for the admin user and not the mailbox that was intended to be authorised, click on Re-authoirse and complete the journey one more time. If the admin user has granted consents then this time the user will be able to authorise themselves without admin elevation being required.
Manually managing user mailbox consent
If, as the office 365 administrator, you do not want to allow users to authorise their own mailboxes, you can manage individuals and their access.
Complete the steps below for a user mailbox and log in (and authorise) using your admin login (it is assumed you have not used the Consent on behalf of your organisation tickbox, in this case).
After this, within Office 365 admin centre:
- Log into the Identity (Entra) admin centre (see above) and navigate to Applications > Enterprise applications > All applications:
- Assuming that consent was granted at least once (see steps above), the TaxCalc-Hub application should be registered.
- Click on TaxCalc-Hub and then navigate to Permissions screen.
- On this page you can manage TaxCalc access to mailboxes on an individual user basis or grant consent for all users if you prefer.