This guide will assist users in creating applications in Azure that are compatible with the email settings of FlexDeploy and connecting to them.
Register a New App
Navigate to the Azure portal and select Azure Active Directory from the browser. Once there, click on App Registrations and register a new app.
Add the Redirect URI
Give your app a name and set the web redirect URI.
This should be your FlexDeploy server with the following path: /flexdeploy/rest/v2/oauth
Request Permissions
After clicking Register, copy the client id and tenant id from the home page of the application. Next, click on API Permissions.
On the API Permissions screen, click Add a Permission and select Microsoft Graph → Delegated Permissions.
You will need to add the following permissions:
IMAP.AccessAsUser.All
offline_access
SMTP.Send
User.Read
You may need your admin to grant consent for the permissions above, which they can do by navigating to the same screen as above and clicking the currently disabled ‘Grant admin consent’ button.
Add a Client Secret, OR upload an X509 certificate.
Support for Client Certificates was added in 9.0.0.1, so if you are using 9.0.0.0 or earlier, it is not available.
Finally, navigate to Certificates & secrets on the left-hand panel, create a client secret and copy it to a safe location.
Be sure to copy the value of the secret. The secret id is not needed.
To upload an X.509 certificate in FlexDeploy, navigate to the Credentials screen and select the option to upload a certificate. You will need to use a Certificate-type credential to store the X.509 certificate and an SSH-Key type credential to hold the private key that corresponds to the certificate. Ensure that the private key matches the uploaded X.509 certificate to enable proper functionality.
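One way to check that the private key matches the certificate before uploading the pair, using the openssl CLI (an added example, not FlexDeploy's own tooling). The file names and the functions spki_digest, cert_matches_key and make_sample_pair are hypothetical, and the key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example: confirm that a private key belongs to an X.509 certificate
# by comparing SHA-256 digests of their public keys (DER SubjectPublicKeyInfo).
# Assumption: both files are PEM-encoded and the key is not passphrase-protected.

# Hash a PEM public key read from stdin.
spki_digest() {
  openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Usage: cert_matches_key CERT.pem KEY.pem
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
  _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  _cert_fp=$(printf '%s\n' "$_cert_pub" | spki_digest)
  _key_fp=$(printf '%s\n' "$_key_pub" | spki_digest)
  [ -n "$_cert_fp" ] && [ "$_cert_fp" = "$_key_fp" ]
}

# Constructed sample input: a throwaway self-signed certificate and key
# named $2.cert.pem / $2.key.pem inside directory $1.
make_sample_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key.pem" -out "$1/$2.cert.pem" 2>/dev/null
}

# Demo on constructed files; replace the paths with the real pair.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_sample_pair "$demo_dir" app
make_sample_pair "$demo_dir" other

if cert_matches_key "$demo_dir/app.cert.pem" "$demo_dir/app.key.pem"; then
  echo "app.key.pem matches app.cert.pem"
fi
if ! cert_matches_key "$demo_dir/app.cert.pem" "$demo_dir/other.key.pem"; then
  echo "other.key.pem does not match app.cert.pem: do not upload this pair"
fi
```

Comparing public-key digests works for RSA and EC keys alike and never prints private key material.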
Configure FlexDeploy to use the new application
Navigate to System Settings → Integration Settings
For FlexDeploy, you will want to create a new application unless you already made one for this purpose. Only one is needed for incoming and outgoing mail.
Populate OAuth Information
First, go to System Settings → Integration Settings and create an OAuth Application if you don’t have one. Add the following:
Client Id
Client Secret
Optionally Private Key, for Client Credential Authentication
Tenant Id
Click Save.
Authorize FlexDeploy
In order to authorize, you should first log in to http://outlook.com as the user you wish to authorize as. Otherwise, especially if you are using SSO, it is likely that you will be authorizing as the wrong user. The idea is that when you click authorize, it will ask you who to log in as, and you will select (or type) the same user that you have in the imap user / smtp user box that you are authorizing. You may need to use an incognito tab or guest window if your network signs you in automatically.
After populating the necessary fields, click either the Authorize or the Re-Authorize button. At this point you will be redirected to Microsoft to authorize FlexDeploy as the same user that you have in the imap user / smtp user box that you are authorizing. If everything is successful, you should be redirected back to this page.
If you are ready, click the Authorize button.
Connecting a FlexDeploy account to a Microsoft Application
Navigate to System Settings → Email Settings and use the page Configuring OAuth - Microsoft Office 365 to configure it.