How to setup Azure mail using Graph API with client credentials (application permissions) in Jira Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

This documentation provides detailed steps on how to setup Jira to access Azure mail with Microsoft Graph API authentication using the grant type client credentials(also known as application permissions).

ℹ️ If you need to set up mail on Azure with Microsoft Graph API using an authorization code (delegated permissions) , refer to this KB article instead: Detailed steps to configure OAuth 2.0 integration with Microsoft Azure

Environment

This feature is only available in Jira 9.17 and above.

Solution

  1. Navigate to https://portal.azure.com.

  2. Navigate to App registrations > New registration. Give it a name, and ensure to select this option under Supported account types:

    • Accounts this organizational directory only (<organization> only - Single tenant)

  3. Click Register. A summary will be displayed under Essentials. Take note of the following values, as they will be used in subsequent steps:

    • Application (client) ID

    • Directory (tenant) ID

  4. Click on API permissions > Add a permission > Microsoft Graph > Application permissions and add the following ones:

    • Mail.ReadWrite

    • User.Read.All

    • Mail.ReadWrite.Shared (only if this option is available)

  5. Click on Grant admin consent for <directory name>.

  6. Click on Certificates & secrets > Client secrets > New client secret. Immediately copy its Value, as it won't be available afterward. Please take note of it, as it will be used in subsequent steps.

  7. In Jira, navigate to Cog Icon > Applications > Application links > Create link > External application > Outgoing.

  8. Fill in the fields as follows:

    • Grant type:Client credentials

    • Service provider:Microsoft

    • Name:<enter any name>

    • Client ID:<Application (client) ID from step #3>

    • Client secret:<value from step #6>

    • Scopes:https://graph.microsoft.com/.default

    • Token endpoint:

      1 2 https://login.microsoftonline.com/<Directory (tenant) ID from step #3>/oauth2/v2.0/token

  9. Save the settings, then click the (...) next to the newly created application link and Test connection. It should say Connected successfully.

  10. Navigate to Cog Icon > System > Incoming mail > Add mail server and fill the form as follows:

    • Name:<any name>

    • Service provider:Microsoft Graph API

      ⚠️You might need to pick Microsoft Exchange instead, depending on how your Azure platform is configured.

    • Username:<username or email address used to access the mailbox>

    • Authentication method:select the OAuth 2.0 application link created in the previous steps.

Updated on April 24, 2025
Platform
Data Center only
Product
Jira Software Data Center
On this pageSummarySolution

Still need help?

The Atlassian Community is here for you.
Ask the Community