Collecteur Oauth IMAP#
TLS Protocol
Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add an Oauth IMAP plugin available in the marketplace.
OAuth IMAP and MFA
The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request (unless you change your password at a later date).
Requirements (on-premise)#
GLPI Version | Minimum PHP | Recommanded |
---|---|---|
10.0.x | 8.1 | 8.2 |
Here are the configuration steps including configuration phases on the Azure side.
Install the plugin#
- See you in the marketplace. Download Oauth IMAP and enable it
- Meet now on your Azure tenant
- In the search box type
registration
then selectapp registrations
Register your Entra application#
Create the application#
- Click on
new registration
- Indicate the desired name, select the type of account supported then indicate the redirection URL (present in the configuration of the plugin from your GLPI interface: https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php) specifying the
Web
option. - Then click on
register
.
Add a secret#
- In the
Certificates and secrets
tab , click onClient secrets
- then
New client secret
- Enter a description and then an expiration date.
- A secret value is then generated. Keep this value well because once you have left this page, it will no longer be recoverable.
- Return to the "
Overview
" tab andcopy
the following values and the secret seen above
Setup GLPI#
- Now go back to your GLPI interface
configuration
>Application Aouth IMAP
and indicate the information collected previously :
- Click
add
. - Now in the
Oauth authorization
tab , we willcreate an authorization
- When you click on :ti-add:
create authorization
, you will be redirected to the Microsoft services sign-in page. - Enter the email address and password of the account that will be used for the collector.
- You will also need to accept the necessary permissions related to the plugin.
Setup the receiver#
- See you now in
setup
>receivers
to configure it:
The information concerning the files to be collected is according to your needs.
Change password
If the password of the account collecting the emails is changed, it will also have to be changed in Oauth IMAP using the button in the plugin configuration