# Setting up Oauth IMAP Entra {% hint style="warning" %} **TLS Protocol** Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add an **Oauth IMAP** plugin available in the marketplace. {% endhint %} {% hint style="success" %} **OAuth IMAP and MFA** The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request (unless you change your password at a later date). {% endhint %} ## Requirements (on-premise) | GLPI Version | Minimum PHP | Recommanded | | :----------: | :---------: | :---------: | | 10.0.x | 8.1 | 8.2 | Here are the configuration steps including configuration phases on the Azure side. ## Install the plugin * See you in the marketplace. Download Oauth IMAP and enable it ![Alt text](/files/mvB4lWApswXQSlGNQ8S8) * Meet now on your [Azure tenant](https://portal.azure.com/#home) * In the search box type **`registration`** then select **`app registrations`**
Alt text
## Register your Entra application *** ### Create the application * Click on **`new registration`** * Indicate the desired name, select the type of account supported then indicate the redirection URL (present in the configuration of the plugin from your GLPI interface: ) specifying the **`Web`** option. * Then click on **`register`**. ![Alt text](/files/0b2V23UW3p1ZbwezpeJU) *** ### Add a secret * In the **`Certificates and secrets`** tab , click on **`Client secrets`** * then **`New client secret`** ![Alt text](/files/5X4oLz7PHmWdN5KuQL6C) * Enter a description and then an expiration date. * A secret **value** is then generated. Keep this value well because once you have left this page, it will no longer be recoverable. ![Alt text](/files/F8vKSEdlkEmXp6vafmjV) * Return to the " **`Overview`** " tab and **`copy`** the following **values** ​​and the secret seen above
Alt text
## Setup GLPI * Now go back to your GLPI interface **`Setup`** > **`Application Oauth IMAP`** and indicate the information collected previously : ![Alt text](/files/ALYg8vLnxyAfRhDwiIis) * Click **`add`** . * Now in the **`Oauth authorization`** tab , we will **`create an authorization`**
Alt text
* When you click on **`create authorization`**, you will be redirected to the Microsoft services sign-in page. * Enter the email address and password of the account that will be used for the collector. * You will also need to accept the necessary permissions related to the plugin.
Alt text
![Alt text](/files/ijlXtisnGyQvXAdmS6wr) ## Setup the receiver * See you now in **`setup`** > **`receivers`** to configure it: ![Alt text](/files/tDkSTLYoNluyyp9gBPxJ) The information concerning the files to be collected is according to your needs. {% hint style="success" %} **Change password** If the password of the account collecting the emails is changed, it will also have to be changed in Oauth IMAP using the button in the plugin configuration {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.glpi-project.org/tutorials/most-popular/oauth_imap_entra.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.