FAQs on OAuth Authentication for Mail Server
Google and Microsoft will soon withdraw basic authentication support for mail servers by February 2021 and October 2020, respectively. Therefore, it is advisable for users to switch to OAuth authentication.
We have tested OAuth authentication with Microsoft Outlook (office365) and Gmail (Gsuite). Click the respective links to learn how to generate access tokens from these servers.
You can also connect to a different service provider, but ServiceDesk Plus MSP provides support only for Microsoft Azure (for O365) and G Suite (for Gmail).
Yes. You can configure OAuth for an existing account.
For Microsoft Outlook, your application must be running in the HTTPS mode.
For Gmail, your hostname must end with a public top-level-domain (TLD) such as .com, .org, etc.
- Can I use an existing App/Project configured in my Authorization Server to authenticate ServiceDesk Plus MSP?
Yes, you can use the Client Details of your existing App/Project in your authorization server to authenticate ServiceDesk Plus MSP. Make sure that you add the Redirect URL of ServiceDesk Plus MSP to the App/Project and save it.
Redirect URL or Reply URL is the URL to which the Authorization Server sends confidential response data. Copy-paste the Redirect URL to the application details in the Authorization Server and save it.
For outlook, we support EWS only.
For gmail, we support IMAPS, SMTP, and SMTPS protocols.
If the user details are incorrect, you will not be able to connect. Click Save to retry signing in.
When your access token gets expired, a new access token will be automatically generated using the refresh token.
Users will not be notified on the expiry of an access token. The application automatically generates a new access token.
Refresh Tokens may or may not expire depending on the configurations of your service provider.
When your refresh token expires, the application's mail fetching/sending will fail as the application cannot authenticate the mail server.
If your refresh token has expired, you must generate new tokens from the authorization server by repeating the configurations given here.
Check whether the account specified in the Mail Server Settings page and the one you signed in with are the same.
- After authenticating, the user-consent window becomes blank or redirects to the application login page. What should I do?
Check if the hostname you are accessing is the same as in the redirect URL. For example, when the redirect URL is https://helpdesk.zylker.com but you are accessing the application using the IP address, you will be redirected to the redirect URL from where you might not have signed in.
- On clicking Save, I am getting an error stating "Redirect URL or reply URL invalid/mismatch". What should I do?
Check if you have added the application server's redirect URL to your authorization server's list of redirect URLs. Learn how to do this here. Ensure that you have saved the settings.
A popup should appear, but browsers usually block popups. Make sure to look out for alerts or check the browser's URL bar if the popup is blocked. If yes, choose the option to allow pop-ups andtry again. If it still fails, try using a different browser.
The hostname is found as a parameter named "WEB_URL" in GlobalConfig table. You should connect to your database and execute the following query to change the hostname:
update globalconfig set paramvalue='<your_actual_host_name>' where parameter='WEB_URL' and category='SDDnsName';