Setup Email Channel-NXLink Help Center

NXLINK supports email servers based on the IMAP and SMTP protocols, including traditional account-and-password authentication (or Gmail app passwords) and OAuth 2.0 authentication for Microsoft Office 365. This document mainly explains how to configure Google Gmail and Microsoft Office 365.

How to setup Gmail Account

5、After enabling two-step verification, go to two-step verification. Search for the app-specific password and click to enter settings.

13、Please return to the NXLink system and enter the app-specific password generated in step 8.

How to setup Office365 Email Account

Microsoft Office 365 mailboxes support connecting to SMTP/IMAP using OAuth 2.0 authentication to implement email sending and receiving. For detailed official OAuth configuration instructions, please refer to Microsoft’s official documentation:

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

Create an app registration in the Azure portal.
- Sign in to the Microsoft Entra Admin Center: https://entra.microsoft.com/#home

You can obtain the Tenant ID information, and NXLINK needs the Tenant ID to be configured.

- Create a new app registration. One app registration per tenant is sufficient, and multiple accounts can share the same application.

You need to create and record the Application (Client) ID and Client Credential, which are required when creating an email channel in NXLINK

2. Add permissions for the IMAP/SMTP API

In App Registrations - New application - API Permissions, you need to grant the newly created application access permissions for IMAP and SMTP.

The permissions IMAP.AccessAsApp and SMTP.AccessAsApp require authorization by an enterprise email server administrator before they can be used. The enterprise email administrator needs to sign in to the Azure portal, find the corresponding application, and grant the authorization.

3. Register the service principal in Exchange.

After the tenant administrator grants consent to the Microsoft Entra application, the service principal for the Entra application must be registered in Exchange through Exchange Online PowerShell. This registration is enabled by the New-ServicePrincipal cmdlet. You need to install PowerShell and enter pwsh.

To use the New-ServicePrincipal cmdlet, install ExchangeOnlineManagement and connect to the tenant, as shown in the following code snippet:

Install-Module -Name ExchangeOnlineManagement
Import-module ExchangeOnlineManagement

Sign in with the tenant administrator account and grant the permissions required for IMAP/SMTP email sending and receiving.

# 1. Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName admin@xxx.com

# 2. Register the Service Principal
# Replace <OBJECT_ID> with the Enterprise Application Object ID from Step 1
#New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID> 
New-ServicePrincipal -AppId "c765b7e6-XXXX-XXXX-XXXX-09b8a81c4f0a" -ObjectId "50b86ffa-XXXX-XXXX-XXXX-347beb41cfd7" -DisplayName "Office365 Mail Service"

# 3. Get the Service Principal Identity
Get-ServicePrincipal | fl

# 4. Grant mailbox access (use the Identity from step 4)
# Add-MailboxPermission -Identity "john.smith@contoso.com" -User 
<SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
Add-MailboxPermission -Identity "xxx@xxx.com" -User "50b86ffa-XXXX-XXXX-XXXX-347beb41cfd7" -AccessRights FullAccess

# 6. Verify
Get-MailboxPermission -Identity "xxx@xxx.com"

# 7. Disconnect
Disconnect-ExchangeOnline -Confirm:$false

<OBJECT_ID> and <SERVICE_PRINCIPAL_ID> are the Object ID shown on the Overview page of the Enterprise Application node, not the Object ID shown on the Overview page of the App Registration node in the Azure portal. Using the wrong Object ID will result in authentication failure.

You can find the corresponding Object ID by going to Azure Entra Admin Center -> Enterprise apps -> All applications, and locating the previously configured application.

Configure the Tenant ID, Application ID, and Client Secret obtained from the previous steps in the relevant settings, and then select the agent group that will handle the emails.