
Single OAuth SMTP App in Azure AD : Two environments Saviynt Test and Prod

AS5278
Regular Contributor II

Hi,

We have an OAuth SMTP app setup in Azure AD.

My query is: can we use this same OAuth app in both Saviynt Test and Saviynt Prod?

Or do we need to create two separate OAuth apps in Azure AD?

Thanks,

Atul Singh


sudeshjaiswal
Saviynt Employee

Hello @AS5278 ,

Yes, you can use the same OAuth SMTP for both Prod and Dev.
As you might be aware, you might face a similar issue in both environments at the same time.

We don’t recommend using the same OAuth SMTP for both environments.

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

AS5278
Regular Contributor II

Hi Sudesh,

Thank you.

Also, how does Saviynt refresh the access token once the access token has expired after an hour? In our case, we are facing this error that Saviynt is not able to refresh the access token. But, whenever we manually make any change to the SMTP config and save it, the IncomingMailARSJob runs fine for an hour (the default access token lifetime). After that it starts failing until we again manually change the SMTP config and save.


sudeshjaiswal
Saviynt Employee

Hello @AS5278 ,

Can you please brief me about what you are changing in the SMTP config? Are you changing it on the target or on the Saviynt side?
 
Thanks

If you find the above response useful, Kindly Mark it as "Accept As Solution".

AS5278
Regular Contributor II

Hi @sudeshjaiswal ,

I am changing the 'Process emails received in last X hours' field in SMTP config at Saviynt side. I am changing it to 1 to 2 or 2 to 1.

Thanks


sudeshjaiswal
Saviynt Employee

Hi @AS5278 

It appears that you are attempting to refresh the token from the Saviynt side by performing 1-2 to 2-1. However, I believe that the SMTP OAuth token refresh should actually be handled on the SMTP Email Server side, since you are using the SMTP OAuth of Azure AD.

The setting that you are attempting to modify in the SMTP Configuration on Saviynt is used to specify the interval during which you want to process emails that were received in the last X hours.

When configuring the OAuth email, executing the IncomingMailARSJob accurately displays results based on the specified number of hours in the "Process Emails Received In Last X Hours" field.

Please note that by manually changing the setting in the Saviynt SMTP Configuration, you are regenerating the refresh token manually each time.

For further information, please refer to: https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter06-EIC-Configurations/Conf....

If you find the above response useful, Kindly Mark it as "Accept As Solution".
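An added example, not part of the original thread and not Saviynt's code: a generic OAuth 2.0 client that renews a one-hour access token with the `refresh_token` grant before it expires and keeps a rotated refresh token. The `post` transport, the `fake_idp` stand-in, the token values and the `TENANT`/`CLIENT_ID`/`SECRET` placeholders are assumptions constructed for illustration, so it runs offline.

```python
import time
from urllib.parse import urlencode, parse_qsl

# Microsoft identity platform v2.0 token endpoint; the tenant is a placeholder.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

class TokenRefresher:
    """Caches an access token and renews it with the refresh_token grant."""
    def __init__(self, tenant, client_id, client_secret, refresh_token, scope,
                 post, clock=time.time, skew=300):
        self.url = TOKEN_URL.format(tenant=tenant)
        self.form = {"grant_type": "refresh_token", "client_id": client_id,
                     "client_secret": client_secret, "scope": scope}
        self.refresh_token = refresh_token
        self.post, self.clock, self.skew = post, clock, skew  # post() is hypothetical
        self.access_token, self.expires_at = None, 0.0

    def get(self):
        # Renew `skew` seconds before expiry so a job never starts on a dying token.
        if self.access_token is None or self.clock() >= self.expires_at - self.skew:
            self._refresh()
        return self.access_token

    def _refresh(self):
        body = urlencode({**self.form, "refresh_token": self.refresh_token})
        resp = self.post(self.url, body)  # parsed JSON response as a dict
        if "error" in resp:  # e.g. invalid_grant: refresh token revoked or expired
            raise RuntimeError("token refresh failed: " + resp["error"])
        self.access_token = resp["access_token"]
        self.expires_at = self.clock() + int(resp["expires_in"])
        # The server may rotate the refresh token; always keep the newest one.
        self.refresh_token = resp.get("refresh_token", self.refresh_token)

def fake_idp(valid="rt-0"):
    """Constructed stand-in for the token endpoint (no network)."""
    state = {"valid": valid, "n": 0}
    def post(url, body):
        form = dict(parse_qsl(body))
        if form.get("refresh_token") != state["valid"]:
            return {"error": "invalid_grant"}
        state["n"] += 1
        state["valid"] = "rt-%d" % state["n"]  # rotate on every use
        return {"access_token": "at-%d" % state["n"], "expires_in": 3600,
                "refresh_token": state["valid"]}
    return post

def demo():
    now = [0.0]  # fake clock, seconds since first use
    t = TokenRefresher("TENANT", "CLIENT_ID", "SECRET", "rt-0",
                       "offline_access", fake_idp(), clock=lambda: now[0])
    seen = []
    for ts in (0, 1800, 3400, 7000):
        now[0] = ts
        seen.append(t.get())
    return seen
```

A client that never stores the rotated refresh token, or that only requests a token when its configuration is saved, would show the same pattern as a job that works for one hour and then fails.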

AS5278
Regular Contributor II

Hi @sudeshjaiswal 

Thanks for the explanation.

It seems the SMTP OAuth token refresh is not being done automatically. Is there any specific setting that needs to be configured in the OAuth app in Azure AD?

Also, we are using OAuth for the Receive email part, but for Send mail we are still using Basic Auth. Could this be causing an issue?

Thanks,

Atul Singh


sudeshjaiswal
Saviynt Employee

Hello @AS5278 ,

You may contact your Azure AD support team for any configuration.

Additionally, have you attempted to use OAuth/basic authentication for both sending and receiving emails? Have you tried this approach, and if so, did it work for you?

Thanks,

If you find the above response useful, Kindly Mark it as "Accept As Solution".

AS5278
Regular Contributor II

Hi @sudeshjaiswal ,

I just figured out that we don't have a Redirect URL set up in our OAuth app in Azure AD. Is this Redirect URL required for Saviynt?

From the Microsoft documentation for registering an OAuth app in Azure AD, I could see it mentioned as

"redirect URI is the location where the Microsoft identity platform redirects a user's client and sends security tokens after authentication."

I think the Redirect URI is required indeed. But what should be the redirect URL for Saviynt? Where can I find this?

Thanks,

Atul Singh


sudeshjaiswal
Saviynt Employee

Hello @AS5278 

We saw that you have already raised the forum question https://forums.saviynt.com/t5/identity-governance/redirect-url-oauth-smtp-app-in-azure-ad/m-p/29340#... .

As mentioned there,
Yes, you need to add the Saviynt URL which you are using for login.

Sample: https://xxxxx.saviyntcloud.com/ECM/ 

Thanks


If you find the above response useful, Kindly Mark it as "Accept As Solution".