Microsoft Graph Mailer settings
Introduced in GitLab 15.5.
Prerequisites:
- To use the Microsoft Graph API to send mails, you must first
create an application
in the Azure Active Directory, and add the
Mail.Send
application permission.
If you would rather send application emails using Microsoft Graph API
with OAuth 2.0 client credentials flow,
add the following configuration information to /etc/gitlab/gitlab.rb
and run gitlab-ctl reconfigure
.
# The originating email address for outgoing mail
gitlab_rails['gitlab_email_from'] = '<YOUR_ACCOUNT_EMAIL>'
# The reply-to email address
gitlab_rails['gitlab_email_reply_to'] = '<YOUR_ACCOUNT_EMAIL>'
gitlab_rails['microsoft_graph_mailer_enabled'] = true
# The unique identifier for the user. To use Microsoft Graph on behalf of the user.
gitlab_rails['microsoft_graph_mailer_user_id'] = "<YOUR_USER_ID>"
# The directory tenant the application plans to operate against, in GUID or domain-name format.
gitlab_rails['microsoft_graph_mailer_tenant'] = "<YOUR_TENANT_ID>"
# The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
gitlab_rails['microsoft_graph_mailer_client_id'] = "<YOUR_CLIENT_ID>"
# The client secret that you generated for your app in the app registration portal.
gitlab_rails['microsoft_graph_mailer_client_secret'] = "<YOUR_CLIENT_SECRET_ID>"
gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"
gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"
Troubleshooting
ErrorSendAsDenied
The full error message is:
"ErrorSendAsDenied","message":"The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message."
To resolve this error:
-
Verify your API permissions are correct by reviewing the application permission.
-
Set the following fields to the email address for the account you’re using:
-
gitlab_rails['gitlab_email_from']
. -
gitlab_rails['gitlab_email_reply_to']
.
-
Other than permissions, this error is sometimes caused because the server does not allow the default gitlab_email_from
value to be used. You should set the value to the email address for the account you’re authenticating with.