Versions Compared

Version Old Version 1 New Version 2
Changes made by

Karl Henselin

Karl Henselin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
stylenone

For FlexDeploy, you will want to create

...

Activating a FlexDeploy Microsoft Graph Integration

...

Register a New App

Navigate to the Azure portal and select Azure Active Directory from the browser. Once there click on App Registrations and register a new app.

...

Add the Redirect URI

Give your app a name and set the web redirect URI.

Info

This should be your FlexDeploy server with the following path /flexdeploy/rest/v2/oauth

...

Request Permissions

After clicking register copy the client id and tenant id on the home page of the application. Next click on API Permissions

...

On the API Permissions screen, click Add a Permission and select Microsoft Graph → Delegated Permissions.

...

You will need to add the following permissions:

  • User.Read

  • Mail.Send

  • Mail.ReadWrite (Only if you are configuring Email Approval)

  • Mail.Send.Shared (If you are sending from a shared mail box)

  • Mail.ReadWrite.Shared (Only if you are configuring Email Approval and checking a shared mailbox)

...

Note

You may need your admin to grant consent for the permissions above, which they can do by navigating to the same screen as above and hitting the currently disabled ‘Grant admin consent’ button.

If you need it, and don’t have it, you will get an error similar to this: WARNING - emailapprovalmonitor - null - null - flexagon.fd.services.email.GraphIMAPEmailClient.getMessages - {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}

Add a Client Secret, OR upload an X509 certificate.

Info

Support for Client Certificates was added in 9.0.0.1, so if you are using 9.0.0.0 or earlier, it is not available.

Finally, navigate to Certificates & secrets on the left hand panel, create a client secret and copy that to safe location.

Info

Be sure to copy the value of the secret. The secret id is not needed.

...

To upload an X.509 certificate in FlexDeploy, navigate to the Credentials screen and select the option to upload a certificate. You will need to use a Certificate-type credential to store the X.509 certificate and an SSH-Key type credential to hold the private key that corresponds to the certificate. Ensure that the private key matches the uploaded X.509 certificate to enable proper functionality.

Configure FlexDeploy to use the new application

Navigate to System Settings → Integration Settings

For FlexDeploy, you will want to create a new application unless you made one for this purpose. Only one is needed for incoming and outgoing mail.

Populate OAuth Information
Anchor
Populate-OAuth-Information
Populate-OAuth-Information

First, go to System Settings,-> Integration Settings and create an OAuth Application if you don’t have one. Add the

  1. Client Id

  2. Client Secret

  3. Optionally Private Key, for Client Credential Authentication

  4. Tenant Id

...

Connecting a FlexDeploy account to a Microsoft Graph Application

...