Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

This guide relates to the set up of OAuth 2.0 authentication for the inbox used by RSM InTime to process timesheet approval emails (under System Administration > Email Server Settings). The administrator of your email account should be able to complete the set up of OAuth 2.0 credentials and scopes/permissions. Should you have any queries or issues when completing the email account set up, please contact the relevant provider support as the RSM InTime support team will be unable to assist due to access and visibility restrictions. 

Important note:-  Log in to RSM InTime in an incognito window then do the OAuth Email-Client login step from there. This is often needed to avoid signing in accidently with their own account rather than that of the mailbox they wish to grant access to.

Outlook OAuth 2.0 Authentication Guide

You will need to register RSM InTime as an app with the identity platform in Azure Active Directory (Azure AD). Please refer to Microsoft's page on how to register an application which provides more detail on the process below.

Register the Application in Azure

Login to the Azure Portal and select "Azure Active Directory".

Make a note of your Tenant Id and click "App Registrations" on the left.


Click "New registration".


Give the registration a name (this is for your own information only, something like "InTimeMailClient"), choose "Accounts in this organisational directory only" and in the Redirect URI box, select "Web" and add the following redirect URI: https://<your-intime-domain-here>/oauth2Client/callback/Email-Client

Click Save. Make a note of the Application (client) ID  and the Directory (tenant) ID (should be the same as noted earlier).


Click "Certificates and secrets" on the left, click "New client secret", enter the descriptive name for this secret and set it to expire in an appropriate period. Click "Add". Note, when the secret expires, you'll have to create a new one and update the RSM InTime configuration.


Make a note of the Value. This will not be displayed again.

Click "API permissions" on the left. Click "Add a permission" and add the permissions noted below. They will likely be found in "Delegated Permissions" in the Graph API.

Log in to RSM InTime in an incognito window, go to Settings → Email Server Settings and enter the details shown below, replacing the email address/username with the email address/username of the mailbox you would like RSM InTime to monitor. Click Save, followed by OAuth 2.0 Settings.


You should be on the Integrations page. Click "New".

Click "Create" next to "Email-Client".


Enter your client id and client secret that you noted earlier. The rest of the page should be entered as shown below, replacing "<your-tenant-id>" with the tenant id you noted previously. Be sure to enter the scopes exactly as shown below. Click "Save, then "Back".

Click "Log In". 

You will be redirected to Microsoft to authenticate and consent, then redirected back to RSM InTime, where the status will show as "Authorised". Now return to Settings → Email Server Settings and confirm that RSM InTime can access your mailbox.

Gmail OAuth 2.0 Authentication Guide

Gmail Email Account Set Up

  • Set up a Gmail account or use an existing account. This account needs to be the account you intend to use for RSM InTime's email approval feature.
  • Login to the Google API Console (here)
  • Navigate to the Cloud Resource Centre (here)
  • Create a new project
    • Project Name: InTime
    • Location: Select the relevant organization

Click "Create"

Configure OAuth consent screen

Access the API and Services dashboard (here)

Click "Create Credentials" which is located below.

  • Select - OAuth client ID

Click "Configure Consent Screen"

Select Internal user type and click "Create"


App Name - enter 'InTime'
User support email - add the email address you wish to be used for any queries on the OAuth 2.0 consent (this could be the email administrator)
App logo - not required

Authorised domains -  enter your InTime domain here 
Developer contact information - enter support@in-time.co.uk


Adding Scopes

  • Click Add or Remove Scopes
  • Under 'Enter property name or value' enter 'https://mail.google.com/'
    • If not available, click the blue "Google API Library" in the text above the list.
      • Search for "Gmail API", select the result "Gmail API" and click "Enable"
      • On the left hand menu, click "OAuth consent Screen" and click Edit App
      • Scroll to the bottom and click "Save and Continue"
      • Click "Add or Remove Scopes"
      • Search again for "https://mail.google.com/"
  • Tick the result and click " Update"


The scope should now be shown under "Your restricted scopes"


Adding OAuth2 Credentials 

  • In the Google API Console, go to Credentials
  • Click on Create Credentials and select OAuth client ID
  • From Application Type, pick Web application
  • Enter 'InTime' under the Name field
  • In the Authorized redirect URIs field - Enter your InTime URL along with "oauth2Client/callback?app=Email-Client" - Make a note of this, as you will need this later on.
      • Example - https://demo.in-time.co.uk/oauth2Client/callback?app=Email-Client


Click Create.

Within the Credentials tab on the left-hand side, you'll now see your Client ID - InTime. - Click the name.

Make a note of the Client ID and Client Secret in the top right of the screen.

RSM InTime OAuth 2.0 Integration Set Up

Once OAuth credentials and scopes have been enabled on your email account, you need to configure the integration within RSM InTime.

  • In RSM InTime, go to System Administration > System > Email Server Settings
  • From the Authentication Method dropdown, select 'OAuth 2.0'
  • Click on 'OAuth 2.0 Settings', this will direct you to the OAuth Integrations screen
  • Click on New and click Create next to 'Email-Client'

Enter the following information

Click Save and then Back

Click Log In


Log into Gmail/Outlook using the email account credentials, allow permission for the app to access the inbox.

Finally within RSM InTime, go to System Administration > System > Email Server Settings

  • Authentication Method: OAuth 2.0
  • Email Server: imap.gmail.com
  • Protocol: imap
  • Port: 993
  • SSL Required: Yes
  • Email Address: Email address to be used for Email Approval within RSM InTime
  • Username: Re-enter email address from above.
  • Password: Enter the password for the email account.


Click Save

Your RSM InTime instance will now be connected to your email server account using OAuth 2.0 authentication. 





  • No labels