03/24/2023 10:41 AM
1. Exchange Mailbox Operations On-Prem & Exchange Online
We have REST based connector for windows server which hosts PowerShell scripts for exchange mailbox provisioning and deprovisioning On-Prem exchange and M365, the connector is set up with Basic Authentication,
Saviynt calls PowerShell scripts to create/update mailboxes on-prem exchange for new users and also does mail routing to Exchange Online. For terminated users Saviynt calls a PowerShell script which uses xml credential file to connect to Exchange Online using basic authentication and executes termination procedures on a user mailbox.
We want to evaluate how this will impact our current exchange connector configuration and mailbox operations, what is required to use OAuth authentication.
2. SMTP server settings in Saviynt - We currently use Basic Authentication for SMTP configuration within Saviynt, will this get impacted, if so, need assistance to set up OAuth Authentication.
Please share details if anyone having similar set up, Thank You.
03/24/2023 12:57 PM
From what I understand, the auth mechanism used in the Powershell script that is connecting to exchange server is changing from Basic to OAuth while there are no changes to the authentication mechanism between the Saviynt and the windows server. If that is the case, there will not be any change required on Saviynt side. As long as you are able to perform the operations (create mailbox, terminate user etc) from the Powershell directly from the Windows server using the new auth mechanism script it should continue to work as expected.
However, if the response code changes at the end of each operation being performed in the PS script, we may have to adjust the same in the REST connector.
In order to configure SMTP Using OAuth, you can refer to the below documentation.
For any additional implementation related assistance, you can reach out to your TAM/CSM to get PS involved.
03/28/2023 07:37 AM
Thank you for the information.
So we shouldn’t expect any impact to our exchange connector, but powershell scripts might need to modern authentication.
SMTP settings in saviynt, are you sure this will get impacted ?
Our current version is 5.5 sp 3.9
I’m referring to - Microsoft Announcement on Retirement of Basic Authentication for Exchange Online (saviyntcloud.com)
03/28/2023 08:51 AM
This is correct. The SMTP will need to be configured using OAuth and as per the article, you will need to be on a latest release - 3.11 or above.
You can reach out to your CSM to plan for the upgrade.