Mail Configuration - Microsoft
This article describes how to set up a Microsoft Email account in the ServiceManager.
Start by opening the Mail Configuration dialog by going to your ServiceManager -> Admin -> Mail.
OAuth2 support for IMAP, POP, SMTP protocols as described below is supported for both Microsoft 365 (which includes Office on the web) and Outlook.com users.
Sending Emails (SMTP)
According to Microsoft: "As per the current test with SMTP Oauth 2.0 client credential flow with non-interactive sign in is not supported". Therefore, you must use Username/Password authentication for SMTP.
Use TLS connection via port 587 for Office365 accounts:
Test your settings by clicking on the "Test SMTP Settings" button.
Receiving Emails (IMAP)
As of October 1, 2022 Microsoft will disable Basic Authentication in all tenants of Office 365. This will disable the use of user names and passwords as a way to authenticate to your Office 365 email and require the use of Modern Authentication (OAuth).
Microsoft account configuration
You will first need to configure your Microsoft account.
A) Create an Azure account at https://portal.azure.com.
B) Register for any Exchange Online plan (Compare Microsoft Exchange Online Plans).
After setting up the mailbox you want to use with your ServiceManager, navigate to the Microsoft 365 Admin Center (https://www.office.com/ -> 'Admin') and validate the following:
- Make sure the IMAP protocol is enabled for the mailbox like below.
- Multi Factor Authentication should be disabled for the mailbox. In the "Active users" section select the relevant (mailbox) user and click on "Manage multifactor authentication" and make sure it is disabled.
C) Create a new tenant for your organization
** You may skip this step if you already have an active tenant for Azure Active Directory (you can check that in the Azure portal menu -> "Azure Active Directory" -> "Manage tenants"). **
- Sign in to your Azure portal: https://portal.azure.com
- Azure portal menu -> "Azure Active Directory" -> "Manage tenants" -> "Create":
  Tenant type = Azure Active Directory
  Organization name = <your_organization_name>
  Initial domain name = <your_organization_name>
- Click "Create".
D) Create a new App Registration (Single tenant)
1. Sign in to your Azure portal.
2. Make sure that you are on the correct tenant by clicking on your username/photo on the top right of the screen -> "Switch Directory", then click "Switch" next to your tenant (if it isn't active already).
3. Copy the Directory ID from this screen for future use (step G).
4. Azure portal menu -> "Azure Active Directory" -> App registrations -> New registration:
   Display name: ServiceManager (users of your application might see the display name during sign-in)
   Supported account types: Accounts in this organizational directory only
   Redirect URI: (empty)
5. Click "Create".
6. On the application Overview page, find the Directory (tenant) ID value and write it down for later (step G).
7. On the Enterprise Applications page (https://portal.azure.com/ -> Search: "Enterprise Applications"), find the Application ID and Object ID values and write them down for later (step G).
E) Create a Client Secret
- Enter the App Registration that you've created.
- In the Application menu blade -> Certificates & secrets -> Client secrets -> New client secret:
  Description: ServiceManager_mail
  Expires: 24 months (that's the maximum that you can set).
- Click "Add".
Important! Copy the generated value; it will not be displayed again later.
This will be your Client Secret.
F) Add API Permissions, with Admin Consent
- In the Application menu blade -> API permissions -> Add permission -> APIs my organization uses.
- Type "office 365" in the search box, and click on "Office 365 Exchange Online".
- Add a Permission -> Application Permissions -> IMAP.AccessAsApp
- Click "Add Permissions"
- On the same screen, click "Grant admin consent for {tenant}".
G) Register application's service principals in Exchange
For the next steps you will need to use the Enterprise Application Object ID
(Notice! this is NOT the same Object ID from App Registrations that you used before).
Using Exchange Online PowerShell and the information collected in step D, connect and execute the following commands on the Exchange Online account:
1. Open Windows PowerShell (Run as administrator).
If you are not using Windows, then refer to the link above for alternative ways to access PowerShell.
2. Start an Exchange Online PowerShell session with the tenant:
Connect-ExchangeOnline -Organization <tenant_id>
If Connect-ExchangeOnline is not a recognized command:
2a. Install-Module -Name ExchangeOnlineManagement
2b. Import-module ExchangeOnlineManagement
3. Create a new service principal for the registered app using the Enterprise Application Object Id:
New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <ENTERPRISE_APP_OBJECT_ID>
4. Optional, if you want to list the current service principals:
Get-ServicePrincipal | fl
5. Add full access mailbox permissions to the Enterprise Application Object Id:
Add-MailboxPermission -Identity "imap_email@domain.com" -User <ENTERPRISE_APP_OBJECT_ID> -AccessRights FullAccess
6. Optional, if you want to make sure the registered application has access to the mailbox:
Test-ApplicationAccessPolicy -Identity "imap_mailbox@domain.com" -AppId <APPLICATION_ID>
(Replace the email addresses, the Directory (tenant) ID, the Application ID and the Enterprise Application Object ID with your own values prior to executing.)
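As an added check that is not part of the original article or of the ServiceManager product: the script below performs the same two operations ServiceManager does for IMAP (a non-interactive client-credentials token request against the tenant's token endpoint, then an IMAP AUTHENTICATE XOAUTH2 login on outlook.office365.com:993), so steps D through G can be confirmed before the Admin -> Mail dialog is filled in. It also decodes the returned token (without signature verification, for inspection only) to confirm the IMAP.AccessAsApp role from step F is actually present. The environment variable names and the sample token are assumptions made for this example; the token endpoint, scope and XOAUTH2 format are the documented Microsoft values.

```python
# Added example (not part of the original article or of the ServiceManager product):
# reproduce the client-credentials token request and the IMAP XOAUTH2 login that
# ServiceManager performs, to confirm steps D-G before touching Admin -> Mail.
import base64
import imaplib
import json
import os
import urllib.parse
import urllib.request

# Microsoft identity platform v2.0 token endpoint and the Exchange Online app scope.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
SCOPE = "https://outlook.office365.com/.default"
IMAP_HOST, IMAP_PORT = "outlook.office365.com", 993


def token_request_body(client_id, client_secret, scope=SCOPE):
    """Form body of the non-interactive client_credentials grant."""
    return urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
        "grant_type": "client_credentials",
    })


def fetch_token(tenant_id, client_id, client_secret):
    """POST the grant to the tenant's token endpoint; returns the bearer access token."""
    body = token_request_body(client_id, client_secret).encode()
    req = urllib.request.Request(TOKEN_URL.format(tenant=tenant_id), data=body, method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def has_imap_app_role(token):
    """True when the app token carries the IMAP.AccessAsApp role consented in step F."""
    return "IMAP.AccessAsApp" in jwt_claims(token).get("roles", [])


def xoauth2_string(mailbox, access_token):
    """SASL XOAUTH2 initial client response; imaplib base64-encodes it for us."""
    return f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"


def check_mailbox(mailbox, access_token):
    """AUTHENTICATE XOAUTH2 on outlook.office365.com:993 and list the mailbox folders.
    Returns (ok, folders). A failure here with a token that has the IMAP role usually
    means Add-MailboxPermission (step G.5) was not run for this mailbox."""
    imap = imaplib.IMAP4_SSL(IMAP_HOST, IMAP_PORT)
    try:
        imap.authenticate("XOAUTH2", lambda _challenge: xoauth2_string(mailbox, access_token).encode())
        status, folders = imap.list()
        return status == "OK", [f.decode() for f in folders]
    except imaplib.IMAP4.error as exc:
        return False, [str(exc)]
    finally:
        imap.logout()


def _unsigned_jwt(claims):
    """Constructed sample only: an unsigned JWT so the claim checks can run offline."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none', 'typ': 'JWT'})}.{seg(claims)}."


# Constructed sample: the relevant claims of a correctly consented app token.
SAMPLE_TOKEN = _unsigned_jwt({"aud": "https://outlook.office365.com", "roles": ["IMAP.AccessAsApp"]})


if __name__ == "__main__":
    # Hypothetical environment variables; fill them with the values collected in steps D and E.
    token = fetch_token(os.environ["TENANT_ID"], os.environ["CLIENT_ID"], os.environ["CLIENT_SECRET"])
    print("IMAP.AccessAsApp role present:", has_imap_app_role(token))
    ok, folders = check_mailbox(os.environ["IMAP_MAILBOX"], token)
    print("IMAP login:", "OK" if ok else "FAILED", folders[:5])
```

Run it with TENANT_ID, CLIENT_ID, CLIENT_SECRET and IMAP_MAILBOX set in the environment. If the token comes back without the IMAP.AccessAsApp role, the API permission or admin consent in step F is missing; if the role is present but the IMAP login fails, the mailbox permission from step G is the usual cause.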
WebLogic configuration
WebLogic provides its own version of some Java libraries, so this additional configuration step is required.
If you are using Tomcat, you may skip this step.
1) Log in to the WebLogic Server machine.
2) Go to the $DOMAIN_HOME/bin directory, edit the setDomainEnv.sh file and add the following system property to the JAVA_OPTIONS:
Linux: JAVA_OPTIONS="${JAVA_OPTIONS} -DUseSunHttpHandler=true"
Windows: set JAVA_OPTIONS=%JAVA_OPTIONS% -DUseSunHttpHandler=true
This tells the WebLogic server to use the Sun HTTP handlers instead of installing its own.
3) Restart the WebLogic managed servers.
If the above doesn't help, please try to use -DUseJSSECompatibleHttpsHandler=true instead of -DUseSunHttpHandler=true.
If this step is skipped, you may encounter the following error:
com.microsoft.aad.msal4j.MsalClientException: java.lang.ClassCastException: class weblogic.net.http.SOAPHttpsURLConnection cannot be cast to class javax.net.ssl.HttpsURLConnection
ServiceManager configuration
Once you have successfully configured your Microsoft account, proceed to the ServiceManager configuration.
Open your ServiceManager > Admin > Mail:
Use outlook.office365.com / port 993 for Office365 accounts.
Enter the Directory (tenant) ID, Application (client) ID, and Client Secret that you obtained earlier in this document.
Test your settings by clicking on the "Test IMAP Settings" button.
Important Note:
Please make sure that the host URLs and ports of the Microsoft mail server for IMAP and SMTP are open and accessible from the ServiceManager machine.
Add Processed folder for RPAs
When connecting a mailbox for RPA processing, the AuraPlayer ServiceManager by default moves the processed mails to the "Trash" folder.
If you want to move processed mails to a different folder in your mailbox, do the following:
- Create a folder in your mailbox
- Set the folder name in the system properties
IMAP_COMPLETED_FOLDER = <folder name> (e.g. IMAP_COMPLETED_FOLDER = Processed_RPA)