FAQs on OAuth for Mail Server

FAQs on OAuth for Mail Server

Role Required: SDAdmin

Quick Links: 

What are the supported mail servers in OAuth?

We have tested OAuth authentication with Microsoft Outlook (office365) and Gmail (Gsuite). Click the respective links to learn how to generate access tokens from these servers.

You can also connect to a different service provider, but AssetExplorer supports onlyMicrosoft Azure (for O365) and G Suite (for Gmail)

What are the supported protocols in OAuth?

For Microsoft Outlook, onlyEWS is supported. For Gmail, IMAPS, SMTP, and SMTPS protocols are supported.   

What are the application requirements to configure OAuth?   

For Microsoft Outlook, your application must be running in the HTTPS mode. For Gmail, your hostname must end with a public top-level-domain (TLD) such as .com, .org, etc

Can I configure OAuth for an existing mail account?  

Yes. You can configure OAuth for an existing account.

Can I use an existing App/Project configured in my Authorization Server to authenticate AssetExplorer?  

Yes, you can use the Client Details of your existing App/Project in your authorization server to authenticate AssetExplorer. Make sure that you add the Redirect URL of AssetExplorer to the App/Project and save it.

What is Redirect URL and where should I configure it?

Redirect URL or Reply URL is the URL to which the Authorization Server sends confidential response data. Copy-paste the Redirect URL to the application details in the Authorization Server and save it.

On clicking Save, I am getting an error stating "Redirect URL or reply URL invalid/mismatch". What should I do? 

Check if you have added the application server's redirect URL to your authorization server's list of redirect URLs. Learn how to do this here. Ensure that you have saved the settings.

On clicking Save, a message stating "Redirecting to the configured server's authentication page" is display, but nothing happens. Why?

A popup should appear, but browsers usually block popups. Check for alerts or the browser's URL bar for popup blockers. If yes, choose the option to allow pop-ups and try again. If it still fails, try using a different browser.

If the user details are incorrect, you will not be able to connect. Click Save to retry signing in.

After authenticating , the user-consent window becomes blank or redirects to the application login page. What should I do?

Check if the hostname you are accessing is the same as in the redirect URL. For example, when the redirect URL is https://helpdesk.zylker.com but you are accessing the application using the IP address, you will be redirected to the redirect URL from where you might not have signed in.

What will happen if my access token expires? 

When your access token expires, a new access token will be automatically generated using the refresh token.

Do we get any notification if the access token expires? 

Users will not be notified on the expiry of an access token. The application automatically generates a new access token.

Do refresh tokens expire? 

Refresh Tokens may or may not expire depending on the configurations of your service provider.

How would I know if my refresh token expired? 

When your refresh token expires, the corresponding portal's mail fetching/sending will fail as the application cannot authenticate the mail server.

What should I do if my refresh token expires? 

If your refresh token has expired, you can generate new tokens from the authorization server by saving the configurations once again. Learn more.

What is my next step, if OAuth settings failed to connect to the mail server?  

Check whether the account specified in the Mail Server Settings page and the one you signed in with are the same.

How to change the hostname in the Redirect URL of AssetExplorer?  

The hostname is found as a parameter named "WEB_URL" in GlobalConfig table. You should connect to your database and execute the following query to change the hostname.
  1. update globalconfig set paramvalue='<itasset.zylker.com:8080>' where parameter='WEB_URL' and category='SDDnsName';

Can I configure a mailbox using OAuth without changing the application to the HTTPS protocol? 

Yes, you can configure a mailbox using OAuth by modifying the Alias URL.
  1. Connect to your database and execute the following query to change the hostname:
  1. insert into globalconfig values(10010,'SDDnsName','WEB_URL','localhost:<port_number>',''); 
  1. Log in to AssetExplorer on the server machine.
  2. Go to Admin > Organizational Details > Mail Server Settings.
  3. Copy the Redirect URL and use it in your authorization portal (Azure or Google Developers Console).
  4. Configure mail server settings using OAuth and save the details. Enter the mailbox credentials in the OAuth pop up.
  5. After configuring OAuth, perform the following delete query by connecting to your database:
  1. delete from globalconfig where category like 'SDDnsName' and parameter like 'WEB_URL'; 
  1. Restart the application.
Alias URL is used in the links sent via email from the application. It is recommended to configure mailbox using OAuth during non-business hours to minimize the effects of change.  

    • Related Articles

    • OAuth for Mail Server

      Role Required: SDAdmin OAuth is a standard authorization protocol designed to provide secure access to protected resources by using web tokens instead of passwords. Using OAuth, resource owners can configure separate permissions for different clients ...

    • Outgoing Mail Server Settings

      Role Required: SDAdmin Configure your organization's mail server to send emails and trigger notifications through AssetExplorer. You can use email protocols (SMTP/SMTPS), Exchange Web Services (EWS), or Microsoft Graph to connect to the external ...

    • Default Mail Server Configurations

      Role Required: SDAdmin The following table lists the default configurations of mail servers supported by AssetExplorer: SMTP EWS Microsoft Graph Office365 Host: smtp.office365.com Port: 587 Protocol: SMTP TLS: Enabled Scope for OAuth: ...

    • Troubleshoot Mail Server Settings

      Role Required: SDAdmin To check mail server connectivity, send a sample email by entering a mail address and clicking on the Send a sample mail button in the outgoing tab. If the settings are configured right and the connection is successful, a ...

    • Remote AssetExplorer Server Functionalities

      Role Required: SDAdmin When using AssetExplorer as a remote server, certain functions will be limited. Only the Home, Assets, Scan, and Community tabs will be accessible. We recommend using the remote server solely for inventory purposes and not ...