Creating and connecting to an Office 365 email application compatible with FlexDeploy

This guide will assist users in creating applications in Azure that are compatible with the email settings of FlexDeploy and connecting to them.

Register a New App

Navigate to the Azure portal and select Azure Active Directory from the browser. Once there, click App Registrations and register a new app.

Add the Redirect URI

Give your app a name and set the web redirect URI.

This should be your FlexDeploy server with the following path: /flexdeploy/rest/v2/oauth

Request Permissions

After clicking Register, copy the client ID and tenant ID on the home page of the application. Next, click API Permissions.

On the API Permissions screen, click Add a Permission and select Microsoft Graph → Delegated Permissions.

You will need to add the following permissions:

  • IMAP.AccessAsUser.All

  • offline_access

  • SMTP.Send

  • User.Read

You may need your admin to grant consent for the permissions above, which they can do by navigating to the same screen as above and clicking the currently disabled ‘Grant admin consent’ button.

Add a Client Secret, OR upload an X509 certificate.

Support for Client Certificates was added in 9.0.0.1, so if you are using 9.0.0.0 or earlier, it is not available.

Finally, navigate to Certificates & secrets on the left-hand panel, create a client secret, and copy it to a safe location.

To upload an X.509 certificate in FlexDeploy, navigate to the Credentials screen and select the option to upload a certificate. You will need to use a Certificate-type credential to store the X.509 certificate and an SSH-Key type credential to hold the private key that corresponds to the certificate. Ensure that the private key matches the uploaded X.509 certificate to enable proper functionality.
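One way to check that the private key matches the certificate before uploading both, as an added example that is not part of the original guide or FlexDeploy's own tooling. It assumes the `openssl` CLI is installed, the certificate is PEM encoded and the private key is an unencrypted PEM file; the file names in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not FlexDeploy tooling): verify that a private key belongs to
# an X.509 certificate by comparing the public key embedded in the certificate
# with the public key derived from the private key.
#
# Usage (placeholder file names): ./check_pair.sh app-cert.pem app-key.pem

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    # Public key (SubjectPublicKeyInfo, PEM) carried inside the certificate.
    cmk_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $1" >&2
        return 2
    }
    # Public key derived from the private key (assumed unencrypted PEM).
    cmk_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || {
        echo "cannot read private key: $2" >&2
        return 2
    }
    # An empty result must never count as a match.
    [ -n "$cmk_cert_pub" ] && [ "$cmk_cert_pub" = "$cmk_key_pub" ]
}

# Run the check only when two file arguments are supplied.
if [ "$#" -eq 2 ]; then
    cert_matches_key "$1" "$2"
    rc=$?
    case "$rc" in
        0) echo "MATCH: the key belongs to the certificate" ;;
        1) echo "MISMATCH: the key does not belong to the certificate" ;;
        *) echo "ERROR: could not parse one of the files" ;;
    esac
    exit "$rc"
fi
```

The comparison works for RSA and EC keys alike because both commands emit the same public-key encoding, and no private key material is printed.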

Configure FlexDeploy to use the new application

Navigate to System Settings → Integration Settings

For FlexDeploy, you will want to create a new application unless you made one for this purpose. Only one is needed for incoming and outgoing mail.

Populate OAuth Information

First, go to System Settings → Integration Settings and create an OAuth Application if you don’t have one. Add the following:

  1. Client Id

  2. Client Secret

  3. Optionally Private Key, for Client Credential Authentication

  4. Tenant Id

Click Save.

Authorize FlexDeploy

To authorize, first log in to http://outlook.com as the user you wish to authorize as. Otherwise, especially if you are using SSO, it is likely that you will authorize as the wrong user. The idea is that when you click Authorize, it will ask you who to log in as, and you will select (or type) the same user that you have in the IMAP user / SMTP user box that you are authorizing. You may need to use an incognito tab or guest window if your network signs you in automatically.

After populating the necessary fields, click either the Authorize or Re-Authorize button. At this point you will be redirected to Microsoft to authorize FlexDeploy as the same user that you have in the IMAP user / SMTP user box that you are authorizing. If everything is successful, you should be redirected back to this page.

If you are ready, click the Authorize button.

Connecting a FlexDeploy account to a Microsoft Application

Navigate to System Settings → Email Settings and use the page Configuring OAuth - Microsoft Office 365 to configure it.
