# EWS - Authorize the Connection

1. Enable the “Use OAuth 2.0 Authentication” checkbox in both the Incoming and Outgoing email server settings and click “Manage Token” 

{% hint style="info" %}
Both incoming and outgoing email servers can use the same token but each must be authorized separately to establish the respective connections 
{% endhint %}

2. Set the following values in the OAuth Token Details form:
   * Type: Microsoft Graph API 
   * Grant Type: authorization\_code 
   * Callback URL: Error! Hyperlink reference not valid. 
   * Authorization URL: [https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/authorize](https://login.microsoftonline.com/%7bAzure%20Tenant%20ID%7d/oauth2/v2.0/authorize)
   * Access Token URL: [https://login.microsoftonline.com/{Azure Tenant ID}/oauth2/v2.0/token](https://login.microsoftonline.com/%7bAzure%20Tenant%20ID%7d/oauth2/v2.0/token) 
   * **Client ID:** Value from the Azure App Registration 
   * **Client Secret:** The secret created for the App Registration 
3. The following scopes are required: 
   * <https://outlook.office365.com/**Mail.ReadWrite**&#x20>;
   * <https://outlook.office365.com/**Mail.Send**&#x20>;
   * <https://outlook.office365.com/**User.Read**&#x20>;
   * <https://outlook.office365.com/**EWS.AccessAsUser.All> offline\_access\*\*&#x20;

{% hint style="info" %}
**The following scopes must be used if you intend to use a shared mailbox**

* <https://outlook.office365.com/Mail.ReadWrite&#x20>;
* <https://outlook.office365.com/Mail.Send&#x20>;
* <https://outlook.office365.com/User.Read&#x20>;
* <https://outlook.office365.com/Mail.ReadWrite.Shared&#x20>;
* <https://outlook.office365.com/Mail.Send.Shared&#x20>;
* <https://outlook.office365.com/EWS.AccessAsUser.All> offline\_access&#x20;
  {% endhint %}

{% hint style="warning" %}
Corresponding permissions for these scopes ***may*** need to be added manually to the App Registration.
{% endhint %}

<figure><img src="/files/qczooJEq3AxBX9Q35yL9" alt=""><figcaption></figcaption></figure>

4. Click 'Authorize'
5. A pop up window will appear for you to enter the Exchange credentials and then authorize the connection

<figure><img src="/files/TfpxFeIyN5PHqi5Lg1ML" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/vZ28tlU42pJxazUaLYfS" alt=""><figcaption></figcaption></figure>

6. When the authorization process is complete, the popup will close.&#x20;
7. The OAuth Token Details dialog should close shortly thereafter.&#x20;

&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.alemba.com/asm-hermes/setup-and-configure-asm/setting-up-your-system/setup-email/setting-up-incoming-and-outgoing-email/configuring-exchange-web-services-ews/ews-authorize-the-connection.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.