Using OAuth Authentication
Setting OAuth authentication
Some E-mail services recommend you to use OAuth authentication using an access token instead of a user name and password when sending E-mails for more secure authentication.
If you want to use OAuth authentication with your E-mail service, configure this machine to use OAuth authentication. This machine supports Microsoft and Google as OAuth providers.
If OAuth authentication is enabled, perform OAuth authentication using Control Panel on this machine before sending an E-mail and obtain a token from the OAuth provider. Sending of E-mails becomes possible by adding the obtained token to an E-mail.
The following functions are subject to OAuth authentication.
Type | Target function |
|---|---|
User functions | Scan to E-mail, Scan to Me, Scan to URL, Internet Fax TX, E-mail sending from a User Box, E-mail sending from the OpenAPI/IWS application |
Administrator functions | E-mail Notification, Total Counter Notification, Forward TX, TSI Routing, Status Notification Setting, TX Result Report Print |
When using OAuth authentication, follow the steps below to configure the settings.
Configure the OAuth authentication settings from the Control Panel.
1
Select [System Settings] - [Machine Setting] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and set the E-mail address (Microsoft or Google E-mail address) of this machine's administrator to [E-mail Address] of [Administrator Registration].
When using the Internet Fax function, set the same E-mail address as [E-mail Address] of [Administrator Registration] to [E-mail Address] of [Input Machine Address].
2
When a proxy server is installed in your environment, configure the following proxy settings. When not using a proxy server, proceed to step 3.
[Security] - [Certificate Verification Settings] - [Proxy Settings] in administrator mode of Web Connection
[System Settings] - [Web Browser Setting] - [Operation Settings] - [Proxy Settings] in administrator mode of Web Connection (To display this setting, you need to enable the Web browser function.)
3
Select [Utility] - [Administrator] - [Network] - [E-mail Setting] - [E-mail TX (SMTP)] - [OAuth Settings] on the Control Panel of this machine, configure the following settings, and then tap [OK].
[OAuth 2.0]: When using the OAuth authentication, set this option to ON (default: OFF).
[OAuth 2.0 Provider]: Specify the OAuth provider (default: [Microsoft]). Specify the E-mail address provider.
4
When a message is displayed to move to the OAuth authentication screen, tap [OK].
5
Perform the administrator's authentication on the OAuth authentication screen.
6
If a message is displayed to show that the token acquisition was successful, tap [OK].
Once a token is acquired, [Status] of [Refresh Tokens (Administrator)] in [OAuth Settings] changes from [Required] to [Acquired].
If the administrator's OAuth authentication is canceled due to the token expiration, etc., a warning message is displayed on the [Information] screen. In that case, tap [Acquire] of [Refresh Tokens (Administrator)] in [OAuth Settings] to perform the administrator's re-authentication, and acquire a token again.
7
Select [Network] - [E-mail Setting] - [E-mail TX (SMTP)] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine), and set the SMTP server address of the OAuth provider.
Tips
- The OAuth authentication performs authentication for the sender's E-mail address (From address). The E-mail address used for the From address varies depending on the setting of [Utility] - [Administrator] - [Network] - [E-mail Setting] - [E-mail TX (SMTP)] - [Change From Address Setting].
In order to set [Change From Address Setting] to [Login User Address] or [Allow User Changes] and use the user's E-mail address as the From address, the OAuth authentication screen is displayed on the Control Panel when the user executes the E-mail sending, so the user must perform OAuth authentication.
In order to set [Change From Address Setting] to [Fix Administrator Address] and use the administrator's E-mail address as the From address, the administrator needs to perform OAuth authentication in [OAuth Settings] in advance.
In order to set [Change From Address Setting] to [Bulk setting] and use the E-mail address specified in [Bulk setting] as the From address, the administrator needs to perform OAuth authentication in [OAuth Settings] in advance. When setting [Change From Address Setting] to [Bulk setting], specify the same E-mail address as the administrator's E-mail address for the From address. - When [Utility] - [Administrator] - [Security] - [PKI Settings] - [Enable SSL Version] - [SSL/TLS Version Setting] is set to TLSv1.3 for both [Minimum] and [Maximum], if the OAuth provider is set to Microsoft, the OAuth authentication is not available.
- When setting the OAuth provider to Google, configure the following settings in advance.
Set [Network] - [WebDAV Settings] - [WebDAV Client Settings] - [HTTP Version Setting] to [HTTP/2,HTTP/1.1] in administrator mode of Web Connection (or in [Utility] - [Administrator] of this machine). - There are access token and refresh token.
The access token is required for sending E-mails. The obtained access token is stored in the machine, but expires after approximately one hour. It is also deleted when the machine is turned off, then on.
The refresh token is used to obtain a new access token. The obtained refresh token is stored in the machine and can be used for several months. Even if the access token expires, the refresh token can be used to obtain a new access token, so re-authentication is not necessary unless the refresh token expires. - To delete the token acquired by the user, tap [Delete] in [Refresh Tokens (User)] in [OAuth Settings]. If you want to automatically delete a user's token when the user logs out or when the system auto reset function is activated, set [Auto Delete] to ON (default: OFF).
- If this machine is connected to Network 2 with VLAN (Virtual LAN) enabled, the OAuth authentication cannot be set.
OAuth authentication problems
Description of problem | Check points | Remedy |
|---|---|---|
The OAuth authentication fails when sending Microsoft E-mails. | Have you checked the E-mail settings of the target user in the Microsoft 365 admin center? | In the Microsoft 365 admin center, select the target user from [Active users], and select the [Authenticated SMTP] check box in [Manage email apps] on the [Mail] tab. |
in the upper-right of a page, it turns into 
and is registered as a bookmark.