Skip to content

Collecteur Oauth IMAP#

TLS Protocol

Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add an Oauth IMAP plugin available in the marketplace.

OAuth IMAP and MFA

The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request (unless you change your password at a later date).

Requirements (on-premise)#

GLPI Version Minimum PHP Recommanded
10.0.x 8.1 8.2

Here are the configuration steps including configuration phases on the Azure side.

Install the plugin#

  • See you in the marketplace. Download Oauth IMAP and enable it

Alt text

  • Meet now on your Azure tenant
  • In the search box type registration then select app registrations

Alt text

Register your Entra application#

Create the application#

  • Click on new registration
  • Indicate the desired name, select the type of account supported then indicate the redirection URL (present in the configuration of the plugin from your GLPI interface: https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php) specifying the Web option.
  • Then click on register.

Alt text

Add a secret#

  • In the Certificates and secrets tab , click on Client secrets
  • then New client secret

Alt text

  • Enter a description and then an expiration date.
  • A secret value is then generated. Keep this value well because once you have left this page, it will no longer be recoverable.

Alt text

  • Return to the " Overview " tab and copy the following values ​​and the secret seen above

Alt text

Setup GLPI#

  • Now go back to your GLPI interface configuration > Application Aouth IMAP and indicate the information collected previously :

Alt text

  • Click add .
  • Now in the Oauth authorization tab , we will create an authorization

Alt text

  • When you click on :ti-add:create authorization, you will be redirected to the Microsoft services sign-in page.
  • Enter the email address and password of the account that will be used for the collector.
  • You will also need to accept the necessary permissions related to the plugin.

Alt text

Alt text

Setup the receiver#

  • See you now in setup > receivers to configure it:

Alt text

The information concerning the files to be collected is according to your needs.

Change password

If the password of the account collecting the emails is changed, it will also have to be changed in Oauth IMAP using the button in the plugin configuration

Last update: 13/06/2023