AssetExplorer

    OAuth Authentication for Mail Server   

    OAuth is a standard authorization protocol that provides delegated access to a protected resource using web tokens instead of passwords. With OAuth, resource owners can configure separate permissions for each client requesting access to the same resource and modify or revoke that access at any time.

     

    How does OAuth work     

    OAuth authentication involves the following entities:

    • Resource Owner: The user who owns the protected resource.

    • Client: An end-user or application requesting access to the resource.

    • Authorization Server: The server that generates the access token for the client with the resource owner's approval.

    • Resource Server: The server that hosts the protected resource.

    To access a protected resource, the client should obtain an authorization grant from the resource owner and pass it on to the authorization server. The authorization server validates the authorization grant and generates an access token with the approval of the resource owner. The client can use this token to access the protected resource hosted by the resource server.  

    The authentication process with OAuth is explained in the flowchart below:

    In this case, ManageEngine AssetExplorer acts as the Client requesting access to the Mail Server (Resource Owner) and obtains the authorization grant. This authorization grant is processed through the Authorization Server of the corresponding mailbox (for example, G Suite for Gmail and Microsoft Azure for O365), which generates an access token with the Resource Owner's approval. Using this access token, ManageEngine AssetExplorer can access the Mail Server.

     

    Configuring OAuth for Mail Server    

    Outgoing Mail Server Settings   

    To configure OAuth for outgoing mail,

    Go to Admin > Organization Details > Mail Server Settings > Outgoing.

    1. Choose the Connection Protocol.

      • If you choose SMTP/SMTPS:

        1. Choose OAuth as the Authentication Type and enter the Server Name/IP Address, Alternate Server Name/IP Address.

        2. Provide the Sender Name and Reply to email address.

        3. Enter the Username of the associated mailbox and choose the Protocol.

        4. Enable TLS if required.

        5. The relevant Port will be auto-populated. You can modify the port if required.

     

     

      • If you choose EWS:

        1. Provide the Connect URL and the Username of your mailbox.

        2. Enter the Sender Name and Reply to email address.

     

     

    2. Obtain the Client ID, Client Secret, Authorize URL, Access Token URL, and Scope from the authorization server using the Redirect URL.
    3. Click Save. The user consent window of the mail server pops up.
    4. Provide your login credentials and submit your consent for the mentioned permissions. The login credentials should be the same as the Username configured in the Mail Server Settings.
    5. The configuration is completed with the display of a success message.

    The application can now send emails from the mail server configured with OAuth authentication.
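
    The sketch below is an added example, not AssetExplorer's own code. It shows how the configured fields fit together in an authorization-code flow and goes beyond the page by adding a state check on the redirect and by assuming the mail server accepts the SASL XOAUTH2 mechanism for SMTP, as Gmail and Microsoft 365 do. All URLs, IDs, the scope value, and function names are constructed placeholders.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders; real values come from the authorization server's app registration.
CONFIG = {
    "client_id": "example-client-id",
    "authorize_url": "https://auth.example.com/oauth2/authorize",
    "scope": "mail.send",
    "redirect_url": "https://assetexplorer.example.com/oauth/callback",
}

def build_authorize_url(cfg):
    """Consent URL the browser is sent to; state ties the later redirect to this request."""
    state = secrets.token_urlsafe(24)
    query = urlencode({
        "response_type": "code",
        "client_id": cfg["client_id"],
        "redirect_uri": cfg["redirect_url"],
        "scope": cfg["scope"],
        "state": state,
    })
    return f"{cfg['authorize_url']}?{query}", state

def code_from_callback(callback_url, cfg, expected_state):
    """Return the authorization code, rejecting foreign redirect targets and state mismatches."""
    got, want = urlparse(callback_url), urlparse(cfg["redirect_url"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered Redirect URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError(f"consent not granted: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: redirect was not started by this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def token_request_form(cfg, code, client_secret):
    """Form body POSTed to the Access Token URL to exchange the code for an access token."""
    return {"grant_type": "authorization_code", "code": code, "client_secret": client_secret,
            "redirect_uri": cfg["redirect_url"], "client_id": cfg["client_id"]}

def xoauth2_initial_response(username, access_token):
    """Base64 SASL XOAUTH2 string for SMTP AUTH; the mailbox username travels with the token."""
    raw = f"user={username}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()
```

    Because the XOAUTH2 string carries both the mailbox username and the token, a token issued to a different account than the configured Username is rejected by the mail server.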

     

     

    Zoho Corp. All rights reserved.