Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.
This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Incoming Mail ARS job failing with error: Unable to refresh access token

AS5278
Regular Contributor II
Regular Contributor II

‎03/21/2023 07:16 AM - edited ‎03/21/2023 07:18 AM

Hi,

We have setup OAuth for IncomingMailARS Job and we have an OAuth app setup in Azure AD. We also got the necessary Graph API permissions enabled in the application.

Whenever we are making any change to the SMTP configuration and Save it, the IncomingMail Job runs fine after that for about an hour. After 1 hour the job starts failing with error: "

Unable to refresh access token".  Again, if we make changes to SMTP configuration and save it, it works for an hour and then starts failing. 
I think 1 hour is the access token expiration time. When we make changes to config, the access token is refreshed and the job works. But once the access token expires Saviynt is not able to automatically refresh it.
 
My question is that : Can it be because the same OAuth app in Azure AD is being used for IncomingMailARSJob in both Saviynt Test and Saviynt Production?. Should we setup two different apps for these two environments?. 
 
Please guide. We are facing this issue since months now. I am attaching the logs for when the Job Works and also for When the Job doesn't work.
 

 

xurde
Preview file
263 KB
Preview file
48 KB
0 Kudos
2 REPLIES 2

Manu269
All-Star
All-Star

‎03/22/2023 09:38 PM

Can you refer this thread : https://forums.saviynt.com/t5/identity-governance/oauth-email-invalid-user-error/m-p/23176#M11776

https://forums.saviynt.com/t5/identity-governance/issues-while-configuring-actionable-emails/m-p/237...

 

Regards
Manish Kumar
If the response answered your query, please Accept As Solution and Kudos
.
0 Kudos

AS5278
Regular Contributor II
Regular Contributor II
In response to Manu269

‎03/23/2023 02:10 AM

Hi Manu,

We have tried the above two things. All Graph API permissions are enabled in the app. Also, the issue is that this thing works for an hour after making changes to the SMTP config. The emails are getting processed as I have confirmed. But, after one hour we start facing Expired access token error and Saviynt is not able to automatically refresh the access token.

Is there any detailed guide stating how to setup the OAuth app in Azure AD?. As I strongly feel that it has something to do with Oauth app or the mailbox folder level permissions itself. But, I can't go back to the client asking for enabling API and permissions and making changes just based on assumptions. They are looking for a guide/instruction manual from Saviynt.

Thanks.

xurde
0 Kudos
Copyright © 2024 Khoros, LLC