Configure OAuth 2.0

You can configure OAuth 2.0 to use Email SMTP instead of a username and password. This service-to-service flow provides a secure connection for your email notifications without the manual steps required by the SMTP classic authorization. Currently, Microsoft Graph API is the only supported OAuth email provider.

Prerequisites

In the Azure Portal, you have:

  • Registered an application.
  • Noted the Application (client) ID and Directory (tenant) ID.
  • Noted the Client Secret value.
  • Assigned the following API permissions: Mail.Send, User.Read.All, and Mail.ReadWrite.
  • Noted the Object ID of the Azure user account that will send the emails.
  • Noted the Application (client) ID and Directory (tenant) ID.
  • Noted the Client Secret value.
  • Assigned the following API permissions: Mail.Send, User.Read.All, and Mail.ReadWrite.
  • Noted the Object ID of the Azure user account that will send the emails.

Steps

  1. In Data Quality & Observability Classic, set the environment variable OAUTH2_LOGIN_ENABLED to TRUE.

    The OAuth 2.0 functionality activates.

  2. Click Cogwheel icon in the left navigation pane.
  3. Click Admin Console > User Management > OAuth2 Provider Configuration.

    The OAuth2 Provider Configuration page opens.

  4. Enter the required information:
    • Identity Provider: Enter a name, such as "Microsoft Graph API".
    • Registration ID: Enter a unique ID for this configuration.
    • Client ID: Enter the Application (client) ID from Azure.
    • Client Secret: Enter the secret value you copied from Azure.
    • Tenant ID: Enter the Directory (tenant) ID from Azure.
    • Redirect URI: Enter the URI that matches your Azure application configuration.
  5. Click Save.
  6. In the Admin Console, click Alerts > Email Configuration.

    The Alerts page opens.

    1. In the Email Server Type list, select OAuth (MS Graph).

      Note If this option is grayed out, the OAUTH2_LOGIN_ENABLED variable is set to FALSE. Change the value of the variable to TRUE to enable the option.

    2. In the OAuth Provider list, select the provider you created.
    3. In the Sender's Azure ID field, enter the Object ID of the user account that will send the emails.
    4. Complete the required fields and click Validate Email to confirm the connection.

What's next

You can now create a data quality rule and assign an alert to receive notifications via your new OAuth connection.