/
Connecting your mailbox to InTime

Connecting your mailbox to InTime

Owned by Stuart McKay
Last updated: Apr 25, 2025

Contents

Introduction

InTime allows you to connect a mailbox to enable automated processing of timesheet approval emails. By linking your mailbox using OAuth, InTime can securely access and read incoming approval requests.

This page covers the steps required to set up a mailbox connection to InTime using OAuth via Microsoft Office 365 (through Azure) and Google Workspace, as these are the most commonly used platforms. If your organisation uses a different mailbox provider, you should seek guidance from your IT team or mailbox provider to understand how OAuth access can be configured and your chosen mailbox connected to InTime.

Create your mailbox

The first step is to create a dedicated mailbox that InTime will connect to for processing timesheet approval emails. We recommend setting this up as an unmanned mailbox to ensure it is used solely for automated approvals and avoids unnecessary human interaction. However, if needed, the mailbox can still be configured to allow access for monitoring or administrative purposes.

You can name the mailbox anything you choose, but we recommend using something clear and relevant—such as intime@youremailaliashere.com—so its purpose is easily identifiable within your organisation.

Azure (Microsoft 365)

Step 1 - Register an Application in Azure (Office 365)

To allow InTime to connect to your Office 365 mailbox using OAuth, you’ll need to register an application in Azure Active Directory. This creates the necessary credentials and permissions for InTime to access the mailbox securely.

If you have already configured an application for single sign on, please register a new separate application for your mailbox connection.

Instructions:

  • Log in to Azure Portal
    Go to https://portal.azure.com and sign in with an account that has the necessary admin privileges.

  • Navigate to Azure Active Directory
    In the left-hand menu, select Azure Active Directory.

  • Register a New Application

    • Go to App registrations.

      991b1893-8ee4-43f0-8e84-8758599baba6.png

    • Click New Registration.

    • Screenshot 2.png

    • Name the app something identifiable, such as InTime Mailbox Connector.

    • Under Supported account types, select Accounts in this organizational directory only.

    • Under Redirect URI, choose Web and enter your URI in the following format:

      • https://<your-intime-domain-here>/oauth2Client/callback/Email-Client

    • The Redirect URI should match the redirect value stored in InTime > Settings > oAuth2 Integrations (see the InTime configuration section for further details).

    • Click Register.

  • Create a Client Secret

    • After registration, go to Certificates & secrets.

    • Click + New client secret.

    • Add a description (e.g. "InTime Connector Secret") and choose an appropriate expiry period.

Untitled1.png

Click Add, then copy the secret value (do not copy the secret ID) immediately—you’ll need this in InTime.

Important: Copy the secret value now. It will not be visible again after you leave the page.

Untitled5.png

  • Configure API Permissions

    • Go to API permissions > + Add a permission.

    • Select Microsoft Graph > Delegated permissions.

    • Add the following permissions:

      • Mail.Read

      • User.Read

      • IMAP.AccessAsUser.All

      • offline_access

    • Click Add permissions, then click Grant admin consent.

    • Your API permission list should look similar to the screenshot below:

image-20250425-115018.png

 

  • Copy the Application (Client) ID and Directory (Tenant) ID

    • You'll need both of these IDs when entering the mailbox configuration into InTime.

      Untitled1.png

Step 2 - Configure InTime (Azure)

A. Configuring oAuth

Before configuring the mailbox in InTime, you must log in using an Incognito (Chrome) or InPrivate (Edge) browser session. This is essential, as the OAuth authentication flow will fail if not performed in a private session.

  • Click Settings > oAuth 2.0 Settings.

  • Untitled6.png

  • If the Settings menu is unavailable, contact your system administrator to ensure your user role has appropriate access.

  • On the Integrations page click New.

    Untitled2.png

  • Click Create for the Email-Client application.

  • Untitled3.png

  • On the New Email-Client Integration page, populate the fields as follows:

    • Client ID

    • Client Secret

    • Response Type:

      • Enter Code

    • Strict SSL:

      • Tick this box.

    • Basic Authentication:

      • Untick this box.

    • Auth Server:

      • https://login.microsoftonline.com/<replace_with_your_tenant_ID>/oauth2/v2.0/authorize

        • Replace <replace_with_your_tenant_ID> with your actual tenant ID (see Azure section).

    • Redirect:

      • This should match the URI redirect you configured in Step 1 (Azure app setup).

    • Token Server:

      • https://login.microsoftonline.com/<replace_with_your_tenant_ID>/oauth2/v2.0/token

        • Again, replace <replace_with_your_tenant_ID> accordingly.

    • Permitted Scopes

      • Add each of the following one at a time, clicking Add after each:

        • https://outlook.office.com/IMAP.AccessAsUser.All

        • https://outlook.office.com/mail.read

        • offline_access

These scopes must match exactly and also be configured in your Azure app. If they don’t, mailbox authentication will fail.

  • The completed Email-Client Integration page should look similar to the screenshot below once configured:

    image-20250425-123610.png

     

    • Click Save.

  • You will return to the Integrations page, where Email-Client will appear with a status of Not Authorised.

B. Authorise the Mailbox Connection

  • Click Log In

    • This step can only be completed if logged in to InTime using a private session.

  • Follow Microsofts sign-in process, using:

    • The mailbox email address you wish InTime to connect to.

    • The password for that mailbox.

  • Upon successful login, you'll be redirected to the Integrations page.

    • The Email-Client status should now show Authorised.

C. Populating server settings

The final steps in the configuration process is to configure the mailbox email server settings.

  • Click Settings > Email Server Setting.

  • On the Email Server Settings page populate the fields as follows:

    • Authentication Method:

      • Set to OAuth 2.0.

    • Email Server:

      • Enter outlook.office365.com

    • Protocol:

      • Set to imaps.

    • Port:

      • Set to 993

    • SSL Required

      • Set to Yes.

    • Email address:

      • Enter the email address InTime will connect to.

    • Username:

      • Enter the email address InTime will connect to.

    • Password:

      • Enter the password.

  • Once completed, click Save.

  • If you have configured all the above steps, the page will display a green tick indicator with the message Your email account can be accessed.

Step 3 - Troubleshooting