Microsoft Graph Mailer settings

Tier: Free, Premium, Ultimate Offering: Self-managed
History

Prerequisites:

  • To use the Microsoft Graph API to send mails, you must first create an application in the Azure Active Directory, and add the Mail.Send application permission.
  • Set the application permissions to App-only access. Make sure the permissions are not set to Delegated.

If you would rather send application emails using Microsoft Graph API with OAuth 2.0 client credentials flow, add the following configuration information to /etc/gitlab/gitlab.rb and run gitlab-ctl reconfigure. 

# The originating email address for outgoing mail
gitlab_rails['gitlab_email_from'] = '<YOUR_ACCOUNT_EMAIL>'

# The reply-to email address
gitlab_rails['gitlab_email_reply_to'] = '<YOUR_ACCOUNT_EMAIL>'

gitlab_rails['microsoft_graph_mailer_enabled'] = true

# The unique identifier for the user. To use Microsoft Graph on behalf of the user.
gitlab_rails['microsoft_graph_mailer_user_id'] = "<YOUR_USER_ID>"

# The directory tenant the application plans to operate against, in GUID or domain-name format.
gitlab_rails['microsoft_graph_mailer_tenant'] = "<YOUR_TENANT_ID>"

# The application ID that's assigned to your app. You can find this information in the portal where you registered your app.
gitlab_rails['microsoft_graph_mailer_client_id'] = "<YOUR_CLIENT_ID>"

# The client secret that you generated for your app in the app registration portal.
gitlab_rails['microsoft_graph_mailer_client_secret'] = "<YOUR_CLIENT_SECRET_ID>"

gitlab_rails['microsoft_graph_mailer_azure_ad_endpoint'] = "https://login.microsoftonline.com"

gitlab_rails['microsoft_graph_mailer_graph_endpoint'] = "https://graph.microsoft.com"

Troubleshooting

ErrorSendAsDenied

The full error message is: 

"ErrorSendAsDenied","message":"The user account which was used to submit this request does not have the right to send mail on behalf of the specified sending account., Cannot submit message."

To resolve this error:

  1. Verify your API permissions are correct by reviewing the application permission.

  2. Set the following fields to the email address for the account you’re using:

    • gitlab_rails['gitlab_email_from'].
    • gitlab_rails['gitlab_email_reply_to'].

Other than permissions, this error is sometimes caused because the server does not allow the default gitlab_email_from value to be used. You should set the value to the email address for the account you’re authenticating with.

Tail logs

For troubleshooting, use the tail logs command to view live GitLab log updates: 

# Tail all logs for the application
sudo gitlab-ctl tail

# Tail logs for an application sub-directory
sudo gitlab-ctl tail gitlab-rails

# Tail logs for an individual file in the application
sudo gitlab-ctl tail nginx/gitlab_error.log

To stop any of these commands, press Control+C.