FAQs on OAuth Authentication for Mail Server

     

     

    • Why should I move to OAuth2.0? 

    Google and Microsoft will soon withdraw basic authentication support for mail servers by February 2021 and October 2020, respectively. Therefore, it is advisable for users to switch to OAuth authentication.

     

    • What are the supported mail servers in OAuth?

    We have tested OAuth authentication with Microsoft Outlook (office365) and Gmail (Gsuite). Click the respective links to learn how to generate access tokens from these servers.

    You can also connect to a different service provider, but ServiceDesk Plus MSP provides support only for Microsoft Azure (for O365) and G Suite (for Gmail).

     

    • Can I configure OAuth for an existing mail account? 

    Yes. You can configure OAuth for an existing account.

     

    • What are the application requirements to configure OAuth?  

    For Microsoft Outlook, your application must be running in the HTTPS mode.

    For Gmail, your hostname must end with a public top-level-domain (TLD) such as .com, .org, etc.

     

    • Can I use an existing App/Project configured in my Authorization Server to authenticate ServiceDesk Plus MSP? 

    Yes, you can use the Client Details of your existing App/Project in your authorization server to authenticate ServiceDesk Plus MSP. Make sure that you add the Redirect URL of ServiceDesk Plus MSP to the App/Project and save it.

     

    • What is the Redirect URL and where should I configure it?

    Redirect URL or Reply URL is the URL to which the Authorization Server sends confidential response data. Copy-paste the Redirect URL to the application details in the Authorization Server and save it.

     

    • What are the supported protocols in OAuth?

    For outlook, we support EWS only.

    For gmail, we support IMAPS, SMTP, and SMTPS protocols.    

     

    • What will happen if user details are incorrect while signing in the user-consent window? 

    If the user details are incorrect, you will not be able to connect. Click Save to retry signing in.

     

    • What will happen if my AccessToken expired?

    When your access token gets expired, a new access token will be automatically generated using the refresh token.

     

    • Do we get any notification if the access token expires?

    Users will not be notified on the expiry of an access token. The application automatically generates a new access token.

     

    • Do Refresh Tokens expire?

    Refresh Tokens may or may not expire depending on the configurations of your service provider.

     

    • How would I know if my Refresh Token expired?

    When your refresh token expires, the application's mail fetching/sending will fail as the application cannot authenticate the mail server.

     

    • What should I do if my Refresh Token expires?

    If your refresh token has expired, you must generate new tokens from the authorization server by repeating the configurations given here.

      

    • What is my next step, if OAuth settings failed to connect to the mail server? 

    Check whether the account specified in the Mail Server Settings page and the one you signed in with are the same.

     

    • After authenticating, the user-consent window becomes blank or redirects to the application login page. What should I do?

    Check if the hostname you are accessing is the same as in the redirect URL. For example, when the redirect URL is https://helpdesk.zylker.com but you are accessing the application using the IP address, you will be redirected to the redirect URL from where you might not have signed in.

     

    • On clicking Save, I am getting an error stating "Redirect URL or reply URL invalid/mismatch". What should I do?

    Check if you have added the application server's redirect URL to your authorization server's list of redirect URLs. Learn how to do this here. Ensure that you have saved the settings.

     

    • "Redirecting to the configured server's authentication page", but nothing happens! 

    A popup should appear, but browsers usually block popups. Make sure to look out for alerts or check the browser's URL bar if the popup is blocked. If yes, choose the option to allow pop-ups andtry again. If it still fails, try using a different browser.

     

    •  How to change the hostname in the Redirect URL of  AssetExplorer? 

    The hostname is found as a parameter named "WEB_URL" in GlobalConfig table. You should connect to your database and execute the following query to change the hostname:

      update globalconfig set paramvalue='<your_actual_host_name>' where parameter='WEB_URL' and category='SDDnsName';

    Copyright © 2017, ZOHO Corp. All Rights Reserved.