How to integrate to external users outlook emails

Pro 20 Reputation points
2024-07-06T22:27:40.77+00:00

I'm building a SaaS that connects to customer's work/personal emails and listens to incoming email in the background (so they don't have to stay logged in) and runs an AI task on the email to give some data insights.

Some of the customers use Outlook as their email provider. How do I connect to a customer's Mailbox via Microsoft Graph? (NB: customers do not live in our tenant)

I've tried the Delegated User flow, but this doesn't work well for me as the key is short lived (1 hour) and I need to be able to access their emails even when they're not on the platform.

I've also tried the Application Only flow, but I keep getting a 401 status code when trying to access the email of someone outside my tenant/organisation (even if they're a guest).

Is there any plausible way to achieve this in Microsoft Graph? I know with Gmail it's pretty straight forward with their API.

Outlook
Outlook
A family of Microsoft email and calendar products.
3,818 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,004 questions
0 comments
Accepted answer
  1. Yakun Huang-MSFT 4,640 Reputation points Microsoft Vendor
    2024-07-08T06:35:53.81+00:00

    Hi @Pro

    This can be facilitated by application permissions, provided that your tenant is Tenant A and your client's tenant is Tenant B.

    First, you need to register A multi-tenant application in Tenant A, as shown below:

    User's image

    Grant the application the necessary permissions, then request authorization from Tenant B's administrator using the following steps:

    GET https://login.microsoftonline.com/{TenantB}/adminconsent
?client_id={cliend id of registered app in TenantA}
&state=12345
&redirect_uri={redirect_uri of registered app in TenantA}

    Then get tenant B's access token:

    POST https://login.microsoftonline.com/{TenantB}/oauth2/v2.0/token
client_id={cliend id of registered app in TenantA}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default 
&client_secret={client_secret}
&grant_type=client_credentials

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.