OAuth IMAP

Sources

Download

Sources

https://github.com/pluginsGLPI/oauthimap/releases

https://github.com/pluginsGLPI/oauthimap

Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add the Oauth IMAP plugin, which is available in the marketplace.

The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request.

Requirements (self-hosted)

GLPI Version

Minimum PHP

Recommended

10.0.x

8.1

8.2

11.0.x

8.2

8.4

This plugin is available without a GLPI Network subscription. It is also available on GLPI Cloud.

Supported mail services

OAuth IMAP support :

Install the plugin

Go to the marketplace. Download Oauth IMAP and enable it

Open the Azure Portal for your tenant
In the search box type registration
then select App registrations

Here are the configuration steps including configuration phases on the Entra side.

Receiver with Entra

Register your Entra application

Create the application

Click on New registration
Enter the desired name, select the type of account supported then enter the redirection URL (present in the configuration of the plugin from your GLPI interface: https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php) specifying the Web option
Then click on Register.

Add a secret

In the Certificates and secrets tab
Click on Client secrets
Then New client secret

Enter a description and then an expiration date
A secret value is then generated. Keep this value well because once you have left this page, it will no longer be recoverable

Return to the Overview tab and copy the following values and the secret seen above

Add API permissions

In the API Permissions tab
Click on your API (Microsoft Graph in this case)
Then select Delegated permission
Select :
- email
- offline_access
- openid
- profile
- IMAP.AccessAsUser.All

Setup GLPI

Now go back to your GLPI interface Setup > Application Aouth IMAP and indicate the information collected previously :

Click Add
Now in the Oauth authorization tab, click Create an authorization

When you click on Create authorization, you will be redirected to the Microsoft services sign-in page
Enter the email address and password of the account that will be used for the collector
You will also need to accept the necessary permissions related to the plugin.

Receiver with Google

Creating a project

From your Google console (administrator access is required), go to your organisation then new project

Enter the name of your project
Click on Create

Return to your organisation,
Select your project

Setting up Oauth access

From the menu, click on APIs & Services.
Then OAuth consent screen

Application Information

From the preview, click Get started
Enter the application name and the user support email (users will be able to contact you with questions regarding their consent)

Audience

Indicate what type of audience will be able to use this application (here internal because the user who will be using the imap services is a user of the organization)

Contact information

Enter the contact name (this contact is notified of changes made to the application)

Google API Services User Data Policy

Accept the Google API Services User Data Policy and click Continue and Create

Creating a Client

Application Type

You now need to create an application client that will connect Google to your GLPI instance using an application ID and a client secret.

In the Clients tab, click Create a client.
Select Web Application as the application type.
Enter a name for your application.

Authorised redirect URIs

The return URL must be specified in this section. This URL is found in GLPI under Setup > OAuth IMAP > + Add

Enter this URL in the Authorised redirect URIs section of your application.

Click Create to validate your application

Application information

In the next step, the client secret will be displayed. Once you leave this screen, it will no longer be available. Remember to save it in a safe place.

The application is now created. The screen displays the application ID and the client secret, which you will need to enter in GLPI.

Finalizing GLPI configuration

Once your application information is listed in GLPI, and your application is active, you can click on + Add

OAuth Authorization

OAuth authorization is required for GLPI to use the IMAP services for the mailbox in question.

From the OAuth Authorization tab, click + Create authorization.
Specify the account authorized to use the IMAP services.

Receiver configuration

From Configuration > Receivers > + Add
Specify the server imap.google.com
In Connection options, select the previously created IMAP OAuth application
In Username, select the user with OAuth permissions

FAQ

If you have any questions about using the plugin, please consult our FAQ

Go to FAQ

PreviousNews - Alerts NextOrder Management

Last updated 3 months ago