This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

EMail Server Settings - Using OAuth

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 01:21 PM

Originally posted on October 1 2021 at 08:39 UTC

Hello everyone,


we are trying to use the modern Auth (OAuth) feature of the Saviynt EMailing system.

We have set up the Client App in AzureAD with ClientID and Client Secret.


However, the Freshdesk documentation does not state, how you need to configure the permissions of the Azure Client App. Does anyone have experience with setting this up?


Thank you!

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos
16 REPLIES 16

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on October 5 2021 at 00:22 UTC

Hello Rainer,


Please find attached the document that has information that you are looking for.

This is a bit old and also has reference to the Azure Active Directory Graph.


Let us know if this works.




Regards,

Avinash Chhetri


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

haardik_verma
Regular Contributor
Regular Contributor
In response to Community_User

‎11/23/2022 10:33 PM

Hi,
The accepted solution in this thread mentions some attached document. But I am unable to see any.
Can you please share it again.

Thanks

0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on October 5 2021 at 12:38 UTC

Hello Avinash,


thank you for this info. 


We were able to get the mail delivery sorted. However, the rights that you posted were a bit extensive and we were able to get it working with the following set of access rights:

image

As you can see, you don't need the Azure AD Graph API (which is also deprecated and can't be selected anyways). 


The Directory.ReadWrite.All right is quite extensive and you should only assign this access right if absolutely needed. You should adjust your documentation, accordingly.


The document itself is very helpful and should definitely be added to the Freshdesk portal after adjusting it. This will also reduce your workload, because you don't need to answer these questions over and over again in the Community forums 🙂


Best Regards,

Rainer

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

StaceyG
New Contributor II
New Contributor II
In response to Community_User

‎02/05/2023 05:07 AM

Rainer - Did this smaller set of rights on the Azure side work for processing the inbox, too? We have similar concerns as you do with granting all the requested Azure side access. We are currently able to send emails but our incoming mail job is failing with a 403 error. 

0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on October 5 2021 at 13:36 UTC

Thank you for your feedback Rainer, we will get the updated documented published in Freshdesk.



Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 10 2022 at 07:59 UTC

Hello Rainer, Avinash,


Thank you for the details above.


I am working on enabling the oauth feature under email setting and getting below error while I do Save and Test Connection.


Error While Test connection: CompactToken parsing failed with error code: 80049217


I have created the application in Azure AD and provided all the necessary permissions as mentioned above.


Do we need to provide any redirect URI as well under application in Azure?


Basic type is working for us.


Any inputs on above query would really help me to resolve the issue.


Regards,

Arjun Gadgul 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

sundas7
Regular Contributor II
Regular Contributor II
In response to Community_User

‎09/15/2022 02:44 AM

Hi all,

We would like to know what step was taken to resolve the error .We have a similar requirement to change the Authentication from Basic to OAuth.We tried to test the connection and we get the same error.

Error While Test connection: CompactToken parsing failed with error code: 80049217

Thanks

Shyam

0 Kudos

Swetha
New Contributor III
New Contributor III
In response to Community_User

‎09/15/2022 04:00 AM

Hi All,

We have a received a requirement to change the Authentication from Basic to OAuth. We followed the below documentation and checked the configurations which looks fine.

https://saviynt.freshdesk.com/support/solutions/articles/43000673552-setting-up-permissions-for-oaut...

When tried to save and test connection , we are getting the below error. 

Error While Test connection: Compact Token parsing failed with error code: 80049217.

Kindly let us know what was the measure taken to resolve the above error . Please provide the documentation if any related to this since this is an urgent requirement .Early response is highly appreciated.

 

Regards,

Swetha

0 Kudos

rushikeshvartak
All-Star
All-Star
In response to Swetha

‎09/15/2022 04:18 AM

It looks like the azure id which is used to connect should have grant admin consent for the application under API permissions. 

Please refer to Microsoft Azure docs for more detail of permission:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#admin-res...


Regards,
Rushikesh Vartak
0 Kudos

Swetha
New Contributor III
New Contributor III
In response to rushikeshvartak

‎09/22/2022 07:43 AM

Hi Rushikesh,

Thanks for the above information and document.

Also be informed that, we had raised Saviynt ticket for this issue and with help from ESAT team we were able to set up the permissions in Azure test portal.

However when we tried to save and test connection we are still getting token parsing error. We reached out to Saviynt for further support on this which inturn they checked with engineer team and received update that to generate authentication token for SMTP and save and test connection. 

We are not getting any specific document in Freshdesk portal to perform this. Kindly let us know if there is  any specific document available.

0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 17 2022 at 15:11 UTC

We have the same issue and need clarification on Azure permissions.  Is Admin Consent required?  Do we need to limit app access as detailed here: Limiting application permissions to specific Exchange Online mailboxes - Microsoft Graph | Microsoft...

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

Community_User
Saviynt Employee
Saviynt Employee

‎04/12/2022 03:07 PM

Originally posted on March 18 2022 at 18:45 UTC

Hi  Bill,


Yes the admin consent is necessary to assign the permissions.

The second part of the question, basically seems to restrict the access to certain mailboxes. I've never done it nor know of someone who has.

Do let us know how it goes.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
0 Kudos

anubhuti
New Contributor
New Contributor
In response to Community_User

‎12/15/2022 03:13 PM

Bill and Avinash,

WE have similar requirements as well. Can you share the limited permissions that worked for you?

0 Kudos
Copyright © 2023 Khoros, LLC