[comment]: # ({5bf0f6b7-80ee944a}) # 1 Automated Gmail/Office365 media types [comment]: # ({/5bf0f6b7-80ee944a}) [comment]: # ({27821f3a-be2d5c54}) #### Overview Gmail or Office365 users may benefit from automated features in media type configuration. [comment]: # ({/27821f3a-be2d5c54}) [comment]: # ({31bf66fc-b0fa1cf9}) #### Configuration The *Email provider* field in the email media type configuration allows to select pre-configured options for Gmail and Office 365. When selecting the Gmail/Office365 related options, it is only required to supply the sender email address/password to create a working media type. ![](../../../../assets/en/manual/config/notifications/media_type_gmail.png){width="600"} As soon as the email address/password is supplied, Zabbix will be able to automatically fill all required settings for Gmail/Office365 media types with the actual/recommended values, i.e., *SMTP server*, *SMTP server port*, *SMTP helo*, and *Connection security*. Because of this automation, these fields are not even shown, however, it is possible to see the SMTP server and email details in the media type list (see the *Details* column). Note also that: - The password is not required for the relay options. - For Office365 relay, the domain name of the provided email address will be used to dynamically fill the SMTP server (i.e., replace "example.com" in `example-com.mail.protection.outlook.com` with the real value). [comment]: # ({/31bf66fc-b0fa1cf9}) [comment]: # ({4f9f19d2-3ff6bd7b}) #### OAuth tokens The retrieval of [OAuth tokens](/manual/config/notifications/media/email#oauth-tokens) has automated features for *Gmail*, *Gmail relay* and *Office365* email providers. ![](../../../../../assets/en/manual/config/notifications/media/media_email_oauth2.png){width="600"} It is only necessary to supply a limited set of parameters for OAuth access and refresh token retrieval - *Redirection endpoint*, *Client ID* and *Client secret*. Zabbix will automatically fill the other required values (see [OAuth URL defaults by provider](#oauth-url-defaults-by-provider)). Note that it is also possible to use the [Generic SMTP](/manual/config/notifications/media/email#oauth-tokens) form for setting up OAuth authorization for these providers. :::noteclassic SmtpClientAuthentication must be enabled either per user/shared mailbox or per whole tenant in Office365 (not enabled by default settings). ::: [comment]: # ({/4f9f19d2-3ff6bd7b}) [comment]: # ({421dac1d-1da76d8f}) #### OAuth URL defaults by provider The following table lists default OAuth URL values and parameters per provider that are used by Zabbix. |Parameter|<|Gmail|Office365|Generic SMTP| |-|----------|--------------------|--------------------|--------------------| |*Authorization endpoint*|<|`https://accounts.google.com/o/oauth2/v2/auth`|`https://login.microsoftonline.com/common/oauth2/v2.0/authorize`|No default| | |*scope*|`https://mail.google.com`|`https://outlook.office.com/SMTP.Send, offline_access`|No default| |^|*access_type*|`offline`|Not used|No default| |^|*prompt*|`consent`|Not used|No default| |^|*redirect_uri*|Value of *Redirection endpoint* field is added by code automatically. Not listed in *Authorization endpoint* parameters.|<|<| |^|*state*|Unique hash to identify media being updated with OAuth token is added by code automatically. Not listed in *Authorization endpoint* parameters.|<|<| |*Token endpoint*|<|`https://oauth2.googleapis.com/token`|`https://login.microsoftonline.com/common/oauth2/v2.0/token`|No default| | |*grant_type*|`authorization_code`|`authorization_code`|No default| |^|*redirect_uri*|Value of *Redirection endpoint* field is added by code automatically. Not listed in *Token endpoint* parameters.|<|<| |^|*state*|Unique hash to identify media being updated with OAuth token is added by code automatically. Not listed in *Token endpoint* parameters.|<|<| [comment]: # ({/421dac1d-1da76d8f}) [comment]: # ({8ef04233-2d479df2}) #### Office365 workaround for personal accounts Office365 personal accounts do not support query strings in the redirect URL. To work around this issues the Apache web server administrator can add the following rewrite rule to the `.htaccess` file: ```bash RewriteEngine On RewriteRule ^/oauth\.authorize$ /zabbix.php?action=oauth.authorize [QSA,L,PT] ``` This enables the use of a simplified redirect URL like: ```bash http://server-name/zabbix/oauth.authorize ``` instead of a URL with query parameters, ensuring compatibility with Office365 personal accounts. [comment]: # ({/8ef04233-2d479df2})