OAuth authentication

OAuth is a secure authentication method that uses an authentication token instead of a password to connect your application to your user account. Using OAuth, resource owners can configure permissions separately for each client requesting access to the same resource and can also modify/revoke the access at any point of time.

To configure OpManager with Google, you need to create or register an application. Moreover, for adding and updating actions authentication by the OAuth provider is required.

Configuration of OAuth with Google

  1. Go to Google console dashboard.
  2. Click Create project, to create a new project.

    3. Configuration of OAuth with Google: Create project in google console dashboard

  3. Provide a name for the application and click Create, it will redirect to the Project home page.

    4. Configuration of OAuth with Google: Details for new project creation

  4. Then go to Library and search for the required API/Services. Then Enable the API/Services.

    5. Configuration of OAuth with Google: Enable API/Services

  5. Go to the OAuth consent screen, select the "External" user type and click Create.

    6. Configuration of OAuth with Google: User type selection - External

    • In App information, provide App name, User support email, Developer contact information (Mandatory fields) and other necessary fields and click Save and continue.

      • Configuration of OAuth with Google: App information

    • To configure the Scope, click "Add or Remove Scopes". If any specific scope is not available in the list, go to Library search for the specific API and enable it and then try to add the scope.

      • Configuration of OAuth with Google: Scope configuration

      • In the API Library, search for Gmail API & Enable it.

        • Configuration of OAuth with Google: Enable Gmail API

      • While adding scope, add and use the scope "https://mail.google.com" under Gmail API.

    • To add users who can authenticate through this application, click the "Add users" button and add the users.

      • Configuration of OAuth with Google: Add users for authentication

    • Then click Save and Continue, it will show the summary of the created application.
  6. After adding the application details, go to Credentials and create a new OAuth client ID.

    7. Configuration of OAuth with Google: New OAuth client ID creation
    • Select Application type as "Web application" and provide a name for it.

      • Configuration of OAuth with Google: Application type selection - Web application

    • Then add redirect URL as "https://www.manageengine.com/itom/OAuthAuthorization.html", and click Create. You can copy the Redirect URL from OpManager console -> OAuth provider page as well.

      • Configuration of OAuth with Google: Redirect URL addition

    • Once the credentials have been created, Client ID and Client secret will be shown in the dialog box. Copy both the values to configure OAuth Provider Settings in OpManager Console

      • Configuration of OAuth with Google: Client ID and secret

    • Download the JSON, in that we can find Authentication URL and Token URL as auth_url and token_url respectively. Copy these values to configure OAuth Provider Settings in OpManager Console

Recommended Scope for Configuring Mail server with OAuth

Configuration of OAuth with Google: Recommended scope for mail server configuration

OAuth Provider Configuration

After configuring OAuth with Google, open OpManager,

  1. Go to Settings > General Settings > OAuth Provider - Add OAuth Provider

    2. Configuration of OAuth with Google: OAuth provider addition

  2. Provide the following details,
    • Profile Name - A unique profile name for each profile.
    • Description - Description about the OAuth profile.
    • Authentication Provider - OAuth provider's name - Gogle.
    • Timeout - Time required to connect with the provider. Range: 10-300 sec.
    • Client ID and Client Secret - Use the values copied from Step 6 of configuring OpManager with Google.
    • Authentication URL and Token URL - Use the values copied from Step 6 of configuring OpManager with Google.
    • Scope - Use the values copied from this step of configuring OpManager with Google.
  3. After providing the above details, save it. You will be redirected to Google Sign in page. Provide Email and Password to Sign in. Then click 'Continue' to provide consent for accessing the application.
Configuration of OAuth wth Google: Gmail signin page to login
Configuration of OAuth wth Google: Continue option
Configuration of OAuth wth Google: Access for the google account to ManageEngine

Note that the Access Token will be generated for the email provided here. So, if this OAuth Provider is selected for Authentication, make sure to use the same email address as username.

Note:

Now that you have successfully added an OAuth Provider, you can select that in Mail Server Settings for OAuth Authentication.


Configuration of OAuth wth Google: Authentication provider

The status of OAuth Provider settings will be Inactive until it is used in the mail server settings.


Configuration of OAuth wth Google: Inactive OAuth provider

Configuration of OAuth wth Google: Active OAuth provider

Thank you for your feedback!

Was this content helpful?

We are sorry. Help us improve this page.

How can we improve this page?
Do you need assistance with this topic?
By clicking "Submit", you agree to processing of personal data according to the Privacy Policy.