Announcing the SAVIYNT KNOWLEDGE EXCHANGE unifying the Saviynt forums, documentation, training, and more in a single search tool across platforms. Click HERE to read the Announcement.

EMail Server Settings - Using OAuth

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 1 2021 at 08:39 UTC

Hello everyone,


we are trying to use the modern Auth (OAuth) feature of the Saviynt EMailing system.

We have set up the Client App in AzureAD with ClientID and Client Secret.


However, the Freshdesk documentation does not state, how you need to configure the permissions of the Azure Client App. Does anyone have experience with setting this up?


Thank you!

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
16 REPLIES 16

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 00:22 UTC

Hello Rainer,


Please find attached the document that has information that you are looking for.

This is a bit old and also has reference to the Azure Active Directory Graph.


Let us know if this works.




Regards,

Avinash Chhetri


This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Hi,
The accepted solution in this thread mentions some attached document. But I am unable to see any.
Can you please share it again.

Thanks


Thanks & Regards,
Haardik Verma

https://saviynt.freshdesk.com/support/solutions/articles/43000618843-email-server-settings


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

https://saviynt.freshdesk.com/support/solutions/articles/43000618843-email-server-settings


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 12:38 UTC

Hello Avinash,


thank you for this info. 


We were able to get the mail delivery sorted. However, the rights that you posted were a bit extensive and we were able to get it working with the following set of access rights:

image

As you can see, you don't need the Azure AD Graph API (which is also deprecated and can't be selected anyways). 


The Directory.ReadWrite.All right is quite extensive and you should only assign this access right if absolutely needed. You should adjust your documentation, accordingly.


The document itself is very helpful and should definitely be added to the Freshdesk portal after adjusting it. This will also reduce your workload, because you don't need to answer these questions over and over again in the Community forums 🙂


Best Regards,

Rainer

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Rainer - Did this smaller set of rights on the Azure side work for processing the inbox, too? We have similar concerns as you do with granting all the requested Azure side access. We are currently able to send emails but our incoming mail job is failing with a 403 error. 

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on October 5 2021 at 13:36 UTC

Thank you for your feedback Rainer, we will get the updated documented published in Freshdesk.



Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 10 2022 at 07:59 UTC

Hello Rainer, Avinash,


Thank you for the details above.


I am working on enabling the oauth feature under email setting and getting below error while I do Save and Test Connection.


Error While Test connection: CompactToken parsing failed with error code: 80049217


I have created the application in Azure AD and provided all the necessary permissions as mentioned above.


Do we need to provide any redirect URI as well under application in Azure?


Basic type is working for us.


Any inputs on above query would really help me to resolve the issue.


Regards,

Arjun Gadgul 

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

sundas7
Regular Contributor II
Regular Contributor II

Hi all,

We would like to know what step was taken to resolve the error .We have a similar requirement to change the Authentication from Basic to OAuth.We tried to test the connection and we get the same error.

Error While Test connection: CompactToken parsing failed with error code: 80049217

Thanks

Shyam

Hi All,

We have a received a requirement to change the Authentication from Basic to OAuth. We followed the below documentation and checked the configurations which looks fine.

https://saviynt.freshdesk.com/support/solutions/articles/43000673552-setting-up-permissions-for-oaut...

When tried to save and test connection , we are getting the below error. 

Error While Test connection: Compact Token parsing failed with error code: 80049217.

Kindly let us know what was the measure taken to resolve the above error . Please provide the documentation if any related to this since this is an urgent requirement .Early response is highly appreciated.

 

Regards,

Swetha

It looks like the azure id which is used to connect should have grant admin consent for the application under API permissions. 

Please refer to Microsoft Azure docs for more detail of permission:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#admin-res...


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

Hi Rushikesh,

Thanks for the above information and document.

Also be informed that, we had raised Saviynt ticket for this issue and with help from ESAT team we were able to set up the permissions in Azure test portal.

However when we tried to save and test connection we are still getting token parsing error. We reached out to Saviynt for further support on this which inturn they checked with engineer team and received update that to generate authentication token for SMTP and save and test connection. 

We are not getting any specific document in Freshdesk portal to perform this. Kindly let us know if there is  any specific document available.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 17 2022 at 15:11 UTC

We have the same issue and need clarification on Azure permissions.  Is Admin Consent required?  Do we need to limit app access as detailed here: Limiting application permissions to specific Exchange Online mailboxes - Microsoft Graph | Microsoft...

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on March 18 2022 at 18:45 UTC

Hi  Bill,


Yes the admin consent is necessary to assign the permissions.

The second part of the question, basically seems to restrict the access to certain mailboxes. I've never done it nor know of someone who has.

Do let us know how it goes.




Regards,

Avinash Chhetri

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.

Bill and Avinash,

WE have similar requirements as well. Can you share the limited permissions that worked for you?

Refer https://forums.saviynt.com/t5/identity-governance/oauth-email-invalid-user-error/m-p/23176#M11776


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.