
Problem

As of October 2022, Microsoft will completely deprecate basic authentication for mailbox access. Customers using one of these services MUST upgrade their version of GlobalCapture if any workflows import email from one of these sources. Customers will need to be on GlobalCapture 2.4.113 or greater to continue use of these services in conjunction with GlobalCapture.

Solution

Customers will need to upgrade to gain access to the supporting technology required to properly authenticate to Microsoft’s services. Once upgraded:

  1. Your Azure / Office 365 admin will need to provision a new App Registration for GlobalCapture to authenticate to.


  2. Your Azure / Office 365 admin will need to set API permissions appropriately for your organization. The App will need to be configured with privileges to read and edit mail messages from any mailbox that participates in a GlobalCapture workflow. Access to all mailboxes would include:

    EWS.AccessAsUser.All
    full_access_as_app

  3. Your Azure / Office 365 admin will need to provide values for the Client ID (Application ID) and Tenant ID (Directory ID).

  4. Your Azure / Office 365 admin will need to create a client secret and provide the value.

With the 3 data points provided by your Admin in hand, you will need to configure your workflows to authenticate.

To reiterate, you will need:

  • Client ID

  • Tenant ID

  • Client Secret

Note: the Client Secret value can only be accessed at the time of creation. Record it then; you will not be able to access the value in the future unless you documented it yourself.

Import Node Configuration

Customers implementing oAuth will need to ensure they are using the option for Exchange email import. The server address will resemble:

https://outlook.office365.com/ews/exchange.asmx

Provide an email address in the User Account field, then ensure the option for oAuth is checked. Provide the Tenant, Client ID, and Client Secret. Account passwords are not applicable to this authentication method.

Click Test to ensure the configuration is correct.

If the test is not successful, please verify the 3 datapoints are correct and the email address provided is valid.

Your Admin will want to review authentication and / or access logs to help identify authentication errors at this stage.
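The sketch below is an added example, not GlobalCapture code, for an admin troubleshooting a failed test: it builds the token request from the 3 data points and checks that the returned access token carries the full_access_as_app role. It assumes GlobalCapture uses the OAuth client-credentials grant (which a client secret without an account password implies); the GUIDs and the sample token are constructed placeholders.

```python
import base64, json, urllib.parse, urllib.request

EWS_RESOURCE = "https://outlook.office365.com"

def build_token_request(tenant_id, client_id, client_secret):
    """URL and form body for an app-only (client-credentials) token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": EWS_RESOURCE + "/.default"}
    return url, urllib.parse.urlencode(form).encode()

def fetch_token(tenant_id, client_id, client_secret):
    """Live request (needs network). On failure the HTTPError body is JSON whose
    error/error_description fields say which value was rejected."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=15) as resp:
        return json.load(resp)["access_token"]

def decode_claims(token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_ews_token(claims, tenant_id, client_id):
    """Return findings; an empty list means the token matches the setup steps."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the Tenant ID")
    if client_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("appid/azp does not match the Client ID")
    if str(claims.get("aud", "")).rstrip("/") != EWS_RESOURCE:
        findings.append("aud is not Exchange Online")
    if "full_access_as_app" not in claims.get("roles", []):
        findings.append("roles lacks full_access_as_app (permission or admin consent missing)")
    return findings

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder GUIDs, fake signature, no roles granted.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"
SAMPLE_TOKEN = ".".join([_b64({"alg": "none", "typ": "JWT"}),
    _b64({"aud": EWS_RESOURCE, "tid": TENANT, "appid": CLIENT, "roles": []}), "sig"])

if __name__ == "__main__":
    # Replace SAMPLE_TOKEN with fetch_token(...) to test real values; never log the secret.
    for finding in check_ews_token(decode_claims(SAMPLE_TOKEN), TENANT, CLIENT):
        print("FINDING:", finding)
```

A token request that succeeds but returns no roles points at the API permissions step rather than at the Client ID, Tenant ID or Client Secret.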

Note for existing customers: each workflow performing email import from Exchange mailboxes will need to be updated.

Customers who cannot or choose not to upgrade GlobalCapture to 2.4.113 or greater can set up mailbox forwarding rules to send messages to a mailbox source that their version of GlobalCapture can authenticate to.

There was a mail engine change in 2.4.113 to allow for oAuth. This may result in different inbox import behavior. For example, emails that previously moved to the deleted folder will now be permanently deleted from your email inbox. To keep a record of these emails, copy-forward them to a separate email address for GlobalCapture to import. The originals will stay in your 1st email account. The 2nd email account will be the workflow email import address.

Microsoft Resources

If you are looking to control access to specific mailboxes, speak to your admin about application-specific policies. This article can also provide some context on access control.
