03/07/2024 07:40 AM
We are setting up actionable email approval with Microsoft Azure OAuth.
We have provided SPN access to read the mailbox, but we are getting an access denied error.
{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}
Mailbox has required access.
Part of issue was to avoid giving that API access to the SP because it shouldn't be allowed to read everyone's mailboxes.
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
03/10/2024 11:14 PM
Hello @rushikeshvartak,
Does it work when you give the full access?
Thanks
03/10/2024 11:46 PM
No
03/10/2024 11:49 PM
User ID is missing
03/11/2024 12:26 AM
Hello @rushikeshvartak,
Please validate if the below permissions are granted:
Following are the permissions required to read the mailbox messages. These permissions are for applications.
Assign the required permissions in Azure AD by following the steps mentioned in above section. The following permissions are required for reading emails.
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
Mail.ReadWrite
Mail.Send
For Ref : https://docs.saviyntcloud.com/bundle/EIC-Admin-v24x/page/Content/Chapter06-EIC-Configurations/Settin...
Thanks,
03/11/2024 08:22 PM - edited 03/11/2024 08:23 PM
As mentioned initially, the client is not ready to provide Mail.Read access, as the service account can read everyone's mailbox. We have explicitly provided SPN to access individual account.
As confirmed by TAM, this is feasible; we are waiting for documentation around the same.
@CR USERID has been removed from screenshot
03/26/2024 08:53 PM
@sudeshjaiswal Any update
04/04/2024 12:40 AM
Hello @rushikeshvartak,
Currently this is not feasible; you need to grant all the permissions as mentioned in the document.
Thanks.
04/04/2024 09:18 AM - edited 04/04/2024 09:20 AM
Documentation has additional privileges which should be removed.
Our use case is resolved with Mail.Read
Documentation needs to remove the below permissions:
Mail.ReadBasic.All --> Not required to provide access to read everyone's mailbox in organization
Mail.Send --> Not needed as we don't send email from the mailbox; such request approval is already processed.
Mail.Read:
Mail.ReadBasic:
Mail.ReadBasic.All:
Mail.ReadWrite:
Mail.Send:
04/05/2024 12:23 AM
Hello @rushikeshvartak,
Thank you for providing detailed information. You have the option to share your feedback on the documentation portal and also, you can create a Knowledge Base Article.
This would greatly benefit end users who may have similar use cases.
Thanks.
04/05/2024 04:49 AM
Only Employees are allowed to create KB and feedback is provided with forum link & also inform TAM
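The permission question discussed in this thread can be checked from the token itself: app-only access tokens issued by Microsoft Entra ID list the granted application permissions in the `roles` claim. The following is an added example, not code from any poster or from the vendor; `audit_mail_roles`, `token_claims` and `make_sample_token` are hypothetical names, the default required set (`Mail.Read`) is taken from the post above stating that the use case was resolved with it, and the sample token is constructed and unsigned.

```python
import base64
import json

# Application permissions listed in the vendor document quoted in this thread.
DOCUMENTED = {"Mail.Read", "Mail.ReadBasic", "Mail.ReadBasic.All",
              "Mail.ReadWrite", "Mail.Send"}


def token_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def audit_mail_roles(token: str, required=frozenset({"Mail.Read"})) -> dict:
    """Compare the app-only 'roles' claim with the permissions the use case needs."""
    roles = token_claims(token).get("roles", [])
    if isinstance(roles, str):
        roles = [roles]
    granted = set(roles)
    return {
        "missing": sorted(set(required) - granted),
        "excess_mail": sorted((granted & DOCUMENTED) - set(required)),
        "other": sorted(granted - DOCUMENTED),
    }


def make_sample_token(roles) -> str:
    """Constructed, unsigned sample token for the demo; not a real credential."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}),
                     b64({"appid": "00000000-0000-0000-0000-000000000000",
                          "roles": roles}), "sig"])


if __name__ == "__main__":
    sample = make_sample_token(["Mail.Read", "Mail.ReadBasic.All", "Mail.Send"])
    print(audit_mail_roles(sample))
```

The `roles` claim only shows which permissions were consented. Mailbox scoping of the kind described in the Microsoft article linked in the first post is enforced on the Exchange Online side and does not appear in the token.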