# OAuth IMAP

## Sources

| Download                                            | Sources                                    |
| --------------------------------------------------- | ------------------------------------------ |
| <https://github.com/pluginsGLPI/oauthimap/releases> | <https://github.com/pluginsGLPI/oauthimap> |

{% hint style="info" %}
Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add the **Oauth IMAP** plugin, which is available in the marketplace.
{% endhint %}

{% hint style="info" %}
The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request.
{% endhint %}

***

## Requirements (self-hosted)

| GLPI Version | Minimum PHP | Recommended |
| ------------ | ----------- | ----------- |
| 10.0.x       | 8.1         | 8.2         |
| 11.0.x       | 8.2         | 8.4         |

{% hint style="info" %}
This plugin is available without a [GLPI Network](https://services.glpi-network.com/#offers) subscription. It is also available on [GLPI Cloud](https://glpi-network.cloud).
{% endhint %}

***

## Supported mail services

OAuth IMAP is supported for:

* Gmail: <https://developers.google.com/gmail/imap/xoauth2-protocol?hl=fr>
* Entra: <https://learn.microsoft.com/fr-fr/power-platform/admin/connect-gmail-oauth2>

***

## Install the plugin

* Go to the marketplace. Download **Oauth IMAP** and enable it

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FV8lnvGMjwO077a4b2nTN%2FOAuth-IMAP.png?alt=media&#x26;token=6b7c5f6d-0cbe-49bd-a057-ba35a21f8d62" alt="images/oauth-imap-1.png"><figcaption></figcaption></figure></div>

* Open the [Azure Portal](https://portal.azure.com/#home) for your tenant
* In the search box, type **registration**
* Then select **App registrations**

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-a55ae28b889aa63712c8656bfd20d809753e6d13%2Foauth-imap-2.png?alt=media" alt="images/oauth-imap-2.png"><figcaption></figcaption></figure></div>

The following sections give the configuration steps, including those carried out on the Entra side.

***

## Receiver with Entra

### Register your Entra application

#### Create the application

* Click on **New registration**
* Enter the desired name, select the supported account type, then enter the redirect URL (shown in the plugin configuration in your GLPI interface: [https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php](https://xxxxxxxxxxxxxx/marketplace/oauthimap/front/authorization.callback.php)) and select the **Web** option
* Then click on **Register**.

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-a3abe0320642094b92b7fcb0e8a184bf966f9e81%2Foauth-imap-3.png?alt=media" alt="images/oauth-imap-3.png"><figcaption></figcaption></figure>

#### Add a secret

* In the **Certificates and secrets** tab
* Click on **Client secrets**
* Then **New client secret**

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-250443f57fcb775ee21561f41ebc4de995896d21%2Foauth-imap-4.png?alt=media" alt="images/oauth-imap-4.png"><figcaption></figcaption></figure>

* Enter a description and then an expiration date
* A secret **value** is then generated. Store this value somewhere safe: once you leave this page, it can no longer be recovered

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-cbee62afbbe8d2f4bb21b5e48e3dfff22566787c%2Foauth-imap-5.png?alt=media" alt="images/oauth-imap-5.png"><figcaption></figcaption></figure></div>

* Return to the **Overview** tab and **copy** the following values and the secret seen above

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-3f0a98a73fa08a03aa8ca4ac24358cbd97073a68%2Foauth-imap-6.png?alt=media" alt="images/oauth-imap-6.png"><figcaption></figcaption></figure></div>

#### Add API permissions

* In the **API Permissions** tab
* Click on **your API** (Microsoft Graph in this case)
* Then select **Delegated permission**
* Select:
  * email
  * offline\_access
  * openid
  * profile
  * IMAP.AccessAsUser.All

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-947e5453686abe89034587d1d2e4ab3b49e8137e%2Foauth-imap-11.png?alt=media" alt="images/oauth-imap-11.png"><figcaption></figcaption></figure>
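
The permissions above determine what the token endpoint returns after consent. The following added example (not part of the plugin or of the original page) checks a token response for the refresh token and the IMAP scope, then builds the SASL XOAUTH2 string described in the protocol document linked under Supported mail services. The function names, the sample response and the `collector@example.com` address are constructed for illustration.

```python
import base64
import json

# Delegated permission selected in the steps above; Entra may return it
# prefixed with a resource URL, so only the last path segment is compared.
REQUIRED_SCOPE = "IMAP.AccessAsUser.All"


def check_token_response(resp: dict, required: str = REQUIRED_SCOPE) -> list[str]:
    """Return a list of problems found in a token-endpoint JSON response."""
    problems = []
    if not resp.get("access_token"):
        problems.append("no access_token")
    # Without a refresh token the collector cannot renew unattended,
    # which is what offline_access is requested for.
    if not resp.get("refresh_token"):
        problems.append("no refresh_token (offline_access not granted?)")
    granted = {s.rsplit("/", 1)[-1].lower() for s in resp.get("scope", "").split()}
    if required.lower() not in granted:
        problems.append(f"scope {required} not granted")
    return problems


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 string sent with IMAP AUTHENTICATE."""
    # Reject separators that would let a value break out of its field.
    if any(c in user + access_token for c in "\x01\r\n"):
        raise ValueError("control character in user or token")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def decode_failure_challenge(challenge_b64: str) -> dict:
    """Decode the base64 JSON the server sends when XOAUTH2 is rejected."""
    return json.loads(base64.b64decode(challenge_b64))


# Constructed sample values, not real credentials.
SAMPLE = {
    "token_type": "Bearer",
    "scope": "https://outlook.office.com/IMAP.AccessAsUser.All openid profile email",
    "access_token": "constructed-access-token",
    "refresh_token": "constructed-refresh-token",
}

if __name__ == "__main__":
    print(check_token_response(SAMPLE) or "token response looks usable")
    print(xoauth2_initial_response("collector@example.com", SAMPLE["access_token"]))
```

A missing refresh token or IMAP scope at this stage usually points back to the delegated permissions selected in the app registration.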

***

### Setup GLPI

* Now go back to your GLPI interface **Setup > Application Oauth IMAP** and enter the information collected previously:

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-d79743a63afcd5748746d1d884e75b6ff543e87d%2Foauth-imap-7.png?alt=media" alt="images/oauth-imap-7.png"><figcaption></figcaption></figure>

* Click **Add**
* Now in the **Oauth authorization** tab, click **Create an authorization**

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-2ae4bcef9bc4b9fcc393eb8336da480ee70f87b1%2Foauth-imap-8.png?alt=media" alt="images/oauth-imap-8.png"><figcaption></figcaption></figure></div>

* When you click on **Create authorization**, you will be redirected to the Microsoft services sign-in page
* Enter the email address and password of the account that will be used for the collector
* You will also need to accept the necessary permissions related to the plugin.

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-91e0cb67f28b8d3b62242847f4e9aacfc37649f2%2Foauth-imap-9.png?alt=media" alt="images/oauth-imap-9.png"><figcaption></figcaption></figure></div>

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fgit-blob-67879d45e7f6b14bf5d6074b0595d675d0a8381b%2Foauth-imap-10.png?alt=media" alt="images/oauth-imap-10.png"><figcaption></figcaption></figure>

***

## Receiver with Google

### Creating a project

* From your [Google console](https://console.cloud.google.com/) (administrator access is required), go to your organisation, then create a new project

![New project creation](https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FKULVoK903IK1UM1Hp4EX%2Foauth-imap-google-1.png?alt=media\&token=40b33f7e-2f96-4841-9f5d-17dca7d9481a)

* Enter the name of your project
* Click on **`Create`**

<div align="left"><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FWPjhJDaVxibb46f9OpjA%2Foauth-imap-google-2.png?alt=media&#x26;token=c2d08338-5e45-492d-8f89-a86d2572ae92" alt="Validation of new project"></div>

* Return to your organisation
* Select your project

![Select the new project](https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2F6w5Bk0WbE4z0WB4s7cWI%2Foauth-imap-google-3.png?alt=media\&token=e41fcd2d-0eb3-4570-9ca7-44260979fec3)

***

### Setting up Oauth access

* From the menu, click on **`APIs & Services`**.
* Then **`OAuth consent screen`**

<div align="left"><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2F7ZqNkTgBNBYnviFniNuE%2Foauth-imap-google-4.png?alt=media&#x26;token=2bdfa500-197c-4396-a511-c186a6a5b285" alt="Oauth consent screen"></div>

#### Application Information

* From the preview, click **`Get started`**
* Enter the application name and the user support email (users will be able to contact you with questions regarding their consent)

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2F7pKlSOGldPfrqDLHUjXy%2Foauth-imap-app-information.png?alt=media&#x26;token=7608916e-24b7-4cc2-8a08-7635c5aa9dc5" alt=""><figcaption><p>Application information</p></figcaption></figure>

#### Audience

* Indicate which type of audience will be able to use this application (here, internal, because the user who will use the IMAP services is a user of the organization)

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FGZdFKIDWcNBGr2eihHhS%2Foauth-imap-audience.png?alt=media&#x26;token=9dcee09b-6213-43bb-8548-54788a7abb86" alt=""><figcaption><p>Audience settings</p></figcaption></figure>

#### Contact information

* Enter the contact name (this contact is notified of changes made to the application)

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FsE8MzU4aZ4WwKjDLAOP2%2Foauth-imap-contact.png?alt=media&#x26;token=bf323344-1b12-4b46-b28a-3758a9adbd57" alt=""><figcaption><p>Contact information</p></figcaption></figure>

***

### Google API Services User Data Policy

* Accept the Google API Services User Data Policy and click **`Continue`** and **`Create`**

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FNYga5W5idwMKZ5cmacnb%2Foauth-imap-data-policy.png?alt=media&#x26;token=435abce4-1bdc-4b37-9ee4-d0722fc99e2b" alt=""><figcaption><p>Application finalization</p></figcaption></figure>

***

### Creating a Client

#### Application Type

You now need to create an application client that will connect Google to your GLPI instance using an application ID and a client secret.

* In the **Clients** tab, click **`Create a client`**.
* Select **Web Application** as the application type.
* Enter a name for your application.

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2F9vjel1tNhgj67eRmwZzz%2Foauth-imap-web-app.png?alt=media&#x26;token=73e2b92b-9541-4075-8ddc-2caaa04517de" alt=""><figcaption><p>Added the web application</p></figcaption></figure>

#### Authorised redirect URIs

The return URL must be specified in this section. This URL is found in GLPI under **`Setup`** > **`OAuth IMAP`** > **`+ Add`**

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FM5fRnWTAbQ0LAGrxEPy0%2Foauth-imap-url-callback.png?alt=media&#x26;token=32f56262-ae91-403b-9a45-8881c16b4a12" alt=""><figcaption><p>Retrieving the callback URL</p></figcaption></figure>

* Enter this URL in the **Authorised redirect URIs** section of your application.

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FitygT2um7vAnJLMPDJJM%2Foauth-imap-uris-authorisees.png?alt=media&#x26;token=0fcc5f85-6611-4d93-a943-c23446c4f813" alt=""><figcaption><p>Inserting the return URL</p></figcaption></figure></div>

* Click **`Create`** to validate your application

***

### Application information

{% hint style="warning" %}
In the next step, the **client secret** will be displayed. Once you leave this screen, it will no longer be available. Remember to save it in a safe place.
{% endhint %}

The application is now created. The screen displays the application ID and the client secret, which you will need to enter in GLPI.

<div align="left"><figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FaalDtYXTMLhrR9deM3D8%2Foauth-imap-secret-client.png?alt=media&#x26;token=ae3ecfa1-df92-4df4-9272-a1d1773e72ea" alt=""><figcaption></figcaption></figure></div>

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FH6509D5qRLf3cbMgpfae%2Foauth-imap-info-glpi.png?alt=media&#x26;token=ce44546a-fe9b-4c03-aaee-42c1bd641896" alt=""><figcaption><p>Information entered in GLPI</p></figcaption></figure>

***

### Finalizing GLPI configuration

Once your application information is listed in GLPI and your application is active, you can click on **`+ Add`**.

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FOUFUvbY2Cse9TcFjN5pE%2Foauth-imap-created.png?alt=media&#x26;token=50b2bcd4-7573-4e18-ac66-12fd84b3fd49" alt=""><figcaption><p>OAuth IMAP application created</p></figcaption></figure>

#### OAuth Authorization

OAuth authorization is required for GLPI to use the IMAP services for the mailbox in question.

* From the **OAuth Authorization** tab, click **`+ Create authorization`**.
* Specify the account authorized to use the IMAP services.

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2FVsK83uGeV6juO0FaxIig%2Foauth-imap-authorization-oauth.png?alt=media&#x26;token=f53c2ff7-c1d4-43cd-993a-aaddb937ba13" alt=""><figcaption><p>OAuth Authorization</p></figcaption></figure>

***

### Receiver configuration

* From **`Configuration`** > **`Receivers`** > **`+ Add`**
* Specify the server **`imap.google.com`**
* In **Connection options**, select the previously created **IMAP OAuth** application
* In Username, select the user with OAuth permissions

<figure><img src="https://3573604317-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FuUCcURk2xlvtpVGbiRZf%2Fuploads%2Fs1a236ULWkyDOrKY5DOH%2Foauth-imap-setup-receiver.png?alt=media&#x26;token=020940cc-943e-41f3-a781-4acf47042df1" alt=""><figcaption><p>Receiver configuration</p></figcaption></figure>

***

## FAQ

If you have any questions about using the plugin, please consult our FAQ.

<a href="https://app.gitbook.com/s/SvoJ3lioglS2UZLcWWyP/plugins/oauth-imap" class="button secondary">Go to FAQ</a>
