Cyber Security is a hot topic and will only become ever more critical as our reliance on technology grows.
Over the last few years there have been numerous public cases of exploits and security breaches, with attacks becoming more targeted and using ever more cunning techniques. Many exploiting the shift to work-from-home that created greater reliance on security and massive challenges for IT departments to manage.
OAuth was devised to help remove the reliance on username / password authentication back in 2012 but has become the modern standard for authentication in online applications.
Instead of relying on a password, which is usually the main weak-point, it uses unique access "tokens" which are specific to the software application.
Therefore if there is a breach of security, you can revoke just a single client key and not have to reset passwords that are used by multiple systems or people.
Both Microsoft and Google have pushed for greater email security methods, making OAuth the recommended setting, along with MFA (Multi Factor Authentication).
At the date of writing this article it is still possible to enable password authentication in MS Office 365 and Google Gmail, however in October 2022 Microsoft plans to disable this entirely. Google will likely follow soon after.
For those using Odoo with either of these email providers, it was important that an option exist to achieve modern authentication. Thankfully in March 2022 this was implemented in the latest security updates across ALL recent Odoo versions including V12-V16
Follow the guide below to setup on your own system - Odoo and Office 365
Entra (Azure AD) Authentication
Go to Azure AD Portal (https://aad.portal.azure.com/)
Create a new app registration - named "My Company Odoo Outlook Email"
Set the redirect URLs to: https://yourdomain.com/microsoft_account/authentication and https://yourdomain.com/microsoft_outlook/confirm
In “Supported account types” choose “Accounts in any organizational directory (Any Azure AD directory – Multitenant)
- From Overview tab, click on "Managed Application in local directory". Then go to "Users and Groups". Ensure you add your Office 365 Admin user that you will use when logged in to authenticate to Odoo.
- Go to API Permissions and add the following as delegated permissions:
User.Read (may already be added)
Go to Certifications & Secrets menu, create a new secret. Copy the "Client Secret" to a temporary text document (this will be lost if not)
In your text document, also make a copy of the “Client ID” from the Overview section
Module Installation and Client ID
In Odoo login as admin and enable debug mode (developer mode)
Go to the apps page, do a search for Outlook. You should see microsoft_outlook and fetchmail_outlook, if not you will need to update to the latest security patch of Odoo then run the “Update Apps List” to ensure you have the latest list of apps available for your version
Install both apps - Either Outlook or Gmail
Go to Settings > General Settings. You should see a section named "Outlook Credentials". Enter your Client ID and Client Secret here.
Go to Settings > Technical > Incoming Mail Servers
You should see tickboxes for Gmail / Outlook
Tick the relevant box and configure your server settings. Note: There is no password needed here, instead a prompt will explain you need to set your API credentials in general settings which we did in the earlier step
For now, enter the correct details.
Server Name: outlook.office365.com
Username: [Email address of an Office 365 admin]
- You should see a link next to the password field called Connect to Outlook
Click this and then login with your Office365 admin details to authenticate. [Outlook Token Valid] should be displayed.
In Outgoing mail servers you may be using an SMTP relay in Office 365, if this is the case then you will not need to use OAuth and can instead use IP based or certificate based authentication
However if you are using a single outgoing mailbox (fixed address), you can configure this in Odoo as an Outgoing mail server
For SMTP relay, use the settings:
SMTP Server: mydomain-com.mail.protection.outlook.com
Connection Security: TLS (STARTTLS)
SMTP Port: 25
Some useful references below cover other aspects of setting up Office 365 integration of emails with Odoo. Particularly the Ventor guide is very good as a starting point.
Also there are guides for setting up calendar integration, which can use the same Client ID / Secret that you setup for the email integration if you wish or create new ones.
The guide for Gmail is similar, however you must follow the specific Google advice for creating API credentials as per the calendar guide.