...
For FlexDeploy, you will want to create
...
Activating a FlexDeploy Microsoft Graph Integration
...
Register a New App
Navigate to the Azure portal and select Azure Active Directory from the browser. Once there, click on App Registrations and register a new app.
...
Add the Redirect URI
Give your app a name and set the web redirect URI.
Info: This should be your FlexDeploy server with the following path: /flexdeploy/rest/v2/oauth
...
Request Permissions
After clicking Register, copy the client id and tenant id from the home page of the application. Next, click API Permissions.
...
On the API Permissions screen, click Add a Permission and select Microsoft Graph → Delegated Permissions.
...
You will need to add the following permissions:
User.Read
Mail.Send
Mail.ReadWrite (Only if you are configuring Email Approval)
Mail.Send.Shared (If you are sending from a shared mailbox)
Mail.ReadWrite.Shared (Only if you are configuring Email Approval and checking a shared mailbox)
...
Note: You may need your admin to grant consent for the permissions above, which they can do by navigating to the same screen as above and hitting the currently disabled ‘Grant admin consent’ button. If you need it, and don’t have it, you will get an error similar to this:
WARNING - emailapprovalmonitor - null - null - flexagon.fd.services.email.GraphIMAPEmailClient.getMessages - {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
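The permission list above can be checked against the scopes a consented token actually carries, which catches both a missing permission and one that was granted but is not needed. This is an added example, not FlexDeploy or Microsoft code: it assumes you can see the `scope` field of the token endpoint's JSON response (the sample below is constructed), and the function and flag names are hypothetical.

```python
import json

GRAPH_PREFIX = "https://graph.microsoft.com/"
# OpenID Connect scopes; not Graph mail permissions, so the audit ignores them.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

# Constructed sample of a token-endpoint JSON response (not real output).
SAMPLE_TOKEN_RESPONSE = json.dumps({
    "token_type": "Bearer",
    "scope": "openid profile https://graph.microsoft.com/User.Read "
             "https://graph.microsoft.com/Mail.Send Mail.ReadWrite.Shared",
})


def required_scopes(email_approval, send_from_shared, check_shared):
    """Delegated permissions the list above calls for in this configuration."""
    scopes = {"User.Read", "Mail.Send"}
    if email_approval:
        scopes.add("Mail.ReadWrite")
    if send_from_shared:
        scopes.add("Mail.Send.Shared")
    if email_approval and check_shared:
        scopes.add("Mail.ReadWrite.Shared")
    return scopes


def granted_scopes(token_response):
    """Parse the space-separated `scope` field of an OAuth 2.0 token response."""
    granted = set()
    for scope in json.loads(token_response).get("scope", "").split():
        if scope.startswith(GRAPH_PREFIX):
            scope = scope[len(GRAPH_PREFIX):]
        if scope.lower() not in OIDC_SCOPES:
            granted.add(scope)
    return granted


def audit(token_response, **config):
    """Report permissions that are missing (calls get denied) or excess (unneeded)."""
    need = {s.lower(): s for s in required_scopes(**config)}
    have = {s.lower(): s for s in granted_scopes(token_response)}
    return {
        "missing": sorted(need[k] for k in need.keys() - have.keys()),
        "excess": sorted(have[k] for k in have.keys() - need.keys()),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_TOKEN_RESPONSE, email_approval=True,
                send_from_shared=False, check_shared=False))
```
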
Add a Client Secret, or Upload an X.509 Certificate
Info: Support for Client Certificates was added in 9.0.0.1, so if you are using 9.0.0.0 or earlier, it is not available.
Finally, navigate to Certificates & secrets on the left-hand panel, create a client secret, and copy it to a safe location.
Info: Be sure to copy the value of the secret. The secret id is not needed.
...
To upload an X.509 certificate in FlexDeploy, navigate to the Credentials screen and select the option to upload a certificate. You will need to use a Certificate-type credential to store the X.509 certificate and an SSH-Key type credential to hold the private key that corresponds to the certificate. Ensure that the private key matches the uploaded X.509 certificate to enable proper functionality.
Configure FlexDeploy to use the new application
Navigate to System Settings → Integration Settings
For FlexDeploy, you will want to create a new application unless you made one for this purpose. Only one is needed for incoming and outgoing mail.
Populate OAuth Information
First, go to System Settings → Integration Settings and create an OAuth Application if you don’t have one. Add the following:
Client Id
Client Secret
Optionally Private Key, for Client Credential Authentication
Tenant Id
...
Click Save.
Authorize FlexDeploy
In order to authorize, you should first log in to http://outlook.com as the user you wish to authorize as. Otherwise, especially if you are using SSO, it is likely that you will be authorizing as the wrong user. The idea is that when you click Authorize, it will ask you who to log in as, and you will select (or type) the same user that you have in the imap user / smtp user box that you are authorizing. You may need to use an incognito tab or guest window if your network signs you in automatically.
After populating the necessary fields, click either the Authorize or the Re-Authorize button. At this point you will be redirected to Microsoft to authorize FlexDeploy as the same user that you have in the imap user / smtp user box that you are authorizing. If everything is successful, you should be redirected back to this page.
If you are ready, click the Authorize button.
Connecting a FlexDeploy account to a Microsoft Graph Application
Navigate to System Settings → Email Settings and use the page Configuring Graph OAuth - Microsoft Office 365 to configure it.