03/27/2023 10:30 PM
Hi,
We have an OAuth SMTP app setup in Azure AD.
My query is: can we use this same OAuth app in both Saviynt Test and Saviynt Prod?
Or do we need to create two separate OAuth apps in Azure AD?
Thanks,
Atul Singh
03/27/2023 11:11 PM
Hello @AS5278 ,
Yes, you can use the same OAuth SMTP for both Prod and Dev.
As you might be aware, you might face a similar issue in both environments at the same time.
We don’t recommend using the same OAuth SMTP for both environments.
Thanks,
03/27/2023 11:22 PM
Hi Sudesh,
Thank you.
Also, how does Saviynt refresh the access token once the access token has expired after an hour? In our case, we are facing this error that Saviynt is not able to refresh the access token. But whenever we manually make any change to the SMTP config and save it, the IncomingMailARSJob runs fine for an hour (the default access token lifetime). After that it starts failing until we again manually change the SMTP config and save.
03/28/2023 12:02 AM
Hello @AS5278 ,
Can you please brief me about what you are changing in the SMTP config? Are you changing it on the target or on the Saviynt side?
Thanks
03/28/2023 12:05 AM
Hi @sudeshjaiswal ,
I am changing the 'Process emails received in last X hours' field in the SMTP config on the Saviynt side. I am changing it from 1 to 2 or from 2 to 1.
Thanks
03/28/2023 12:40 AM
Hi @AS5278
It appears that you are attempting to refresh the token from the Saviynt side by performing 1-2 to 2-1. However, I believe that the SMTP OAuth token refresh should actually be handled on the SMTP Email Server side, since you are using the SMTP OAuth of Azure AD.
The setting that you are attempting to modify in the SMTP Configuration on Saviynt is used to specify the interval during which you want to process emails that were received in the last X hours.
When configuring the OAuth email, executing the IncomingMailARSJob accurately displays results based on the specified number of hours in the "Process Emails Received In Last X Hours" field.
Please note that by manually changing the setting in the Saviynt SMTP Configuration, you are regenerating the refresh token manually each time.
For further information, please refer to: https://docs.saviyntcloud.com/bundle/EIC-Admin-v2022x/page/Content/Chapter06-EIC-Configurations/Conf....
03/28/2023 12:59 AM
Thanks for the explanation.
It seems the SMTP OAuth token refresh is not being done automatically. Is there any specific setting that needs to be configured in the OAuth app in Azure AD?
Also, we are using OAuth for the Receive email part, but for Send mail we are still using Basic Auth. Could this be causing an issue?
Thanks,
Atul Singh
03/28/2023 01:51 AM
Hello @AS5278 ,
You may contact your Azure AD support team for any configuration.
Additionally, have you attempted to use OAuth/basic authentication for both sending and receiving emails? Have you tried this approach, and if so, did it work for you?
Thanks,
03/29/2023 01:53 AM
Hi @sudeshjaiswal ,
I just figured out that we don't have a Redirect URL set up in our OAuth app in Azure AD. Is this Redirect URL required for Saviynt?
In the Microsoft documentation for registering an OAuth app in Azure AD, I could see it described as:
"A redirect URI is the location where the Microsoft identity platform redirects a user's client and sends security tokens after authentication."
I think the Redirect URI is required indeed. But what should be the redirect URL for Saviynt? Where can I find this?
Thanks,
Atul Singh
03/29/2023 11:03 PM
Hello @AS5278
We saw that you have already raised the forum question https://forums.saviynt.com/t5/identity-governance/redirect-url-oauth-smtp-app-in-azure-ad/m-p/29340#... .
As mentioned there,
Yes, you need to add the Saviynt URL which you are using for login.
Sample: https://xxxxx.saviyntcloud.com/ECM/
Thanks