1 of 83

Tutorials

Most popular

See all our most popular items below, or browse the menus on the right to find the item you're looking for.

Setting up Oauth IMAP Entra

TLS Protocol

Microsoft is gradually removing the TLS 1.0 and 1.1 protocols for all Microsoft 365 applications. In order to keep your collector running, you need to add an Oauth IMAP plugin available in the marketplace.

OAuth IMAP and MFA

The Oauth tokens for the collector, retrieved during authentication with Azure by the OauthIMAP plugin, are "offline" tokens that delegate authorisation to a third-party application (GLPI). These tokens provide a renewal code that will be used by the application to renew them automatically without user intervention. You will therefore not be asked to re-authenticate after the 1st authorisation request (unless you change your password at a later date).

Requirements (on-premise)

GLPI Version

Minimum PHP

Recommanded

10.0.x

8.1

8.2

Here are the configuration steps including configuration phases on the Azure side.

Install the plugin

See you in the marketplace. Download Oauth IMAP and enable it

Meet now on your Azure tenant
In the search box type registration then select app registrations

Register your Entra application

Create the application

Click on new registration
Indicate the desired name, select the type of account supported then indicate the redirection URL (present in the configuration of the plugin from your GLPI interface: https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php) specifying the Web option.
Then click on register.

Add a secret

In the Certificates and secrets tab , click on Client secrets
then New client secret

Enter a description and then an expiration date.
A secret value is then generated. Keep this value well because once you have left this page, it will no longer be recoverable.

Return to the " Overview " tab and copy the following values and the secret seen above

Setup GLPI

Now go back to your GLPI interface configuration > Application Aouth IMAP and indicate the information collected previously :

Click add .
Now in the Oauth authorization tab , we will create an authorization

When you click on create authorization, you will be redirected to the Microsoft services sign-in page.
Enter the email address and password of the account that will be used for the collector.
You will also need to accept the necessary permissions related to the plugin.

Setup the receiver

See you now in setup > receivers to configure it:

The information concerning the files to be collected is according to your needs.

Change password

If the password of the account collecting the emails is changed, it will also have to be changed in Oauth IMAP using the button in the plugin configuration

Customise my logo

Download the branding plugin from the marketplace
Activate it.

This allows you to customize the logo in GLPI, on the login page, etc.

To modify the logo :

Go to your list of plugins: setup > Plugins
Click on the wrench for the Branding plugin, which will take you directly to the plugin's configuration menu.

Here you can replace :
the logo at top left (including folded bar)
the logo on the login page,
the background of the login page,
the icon in the browser bar

Setting up Oauth SMTP Entra

Creating an Entra application

Register an Entra application

Log in to your Entra portal
In the Applications > Application registration > new application menu
Enter an application name, then in URI redirection, enter web.
Retrieve the GLPI redirection URL available in configuration > notifications > configuration of email notifications. In way of sending emails, select SMTP+OAUTH.

You will see the redirection URL in the new menu that appears. Copy it and paste it into the redirection URI of your Entra application.

Click on Save.

Creating the secret

Now go to certificate and secret.
Click on new client secret.
Enter a name and an expiry date.
Then click on add

Once validated, the secret value appears.

Point of attention

The value of the secret must be reflected in client secret on the GLPI side. This value is only visible once, remember to save it in a safe place.

Adding claims

The addition of claims is necessary so that GLPI can use the SMTP service via the Entra application.

In the claims tab, click on your application (in this case Microsoft graph).

On the right-hand side of the screen, search for smtp.
select it then click on update permissions.

Last GLPI settings

Return to the application's overview menu to find the information you need to enter into GLPI.
We filled in the secret value in the previous step, all that remains is to fill in the application ID and the directory ID.

When you click on save, you will be redirected to the Microsoft account to be connected.

Point of attention

The account synchronised with Oauth SMTP must also be the one sending the emails. This account is identified in the sender's email

Authenticated SMTP configuration

In order for the account using SMTP services to be authorised to send mail, it is imperative to activate authenticated SMTP from the Entra Tenant.

Connect to your tenant
Go to users and click on the relevant account
Then go to mail > manage mail applications and select SMTP Authenticated

Send test

Once you have entered your Microsoft account details, you will need to accept the necessary authorisations. All that's left is to carry out a test send.

References

GLPI documentation "Email followups configuration"

Account and subscription

Subscribe to GLPI cloud

In this article we will show how to subscribe to the GLPI Network Cloud paid offer.

I already have an account and instance

Go to your account here.

Before subscribing to paid offer, we ask you to check MY ACCOUNT menu on your Dashboard. Your profile may still be incomplete.

We invite you to fill it with your real data before subscribing to paid offer, so we can correctly issue the invoices.

Once your profile is complete, return to your Dashboard.

You will see an orange pop-up indicating the time remaining of your trial period and allowing you to switch to the paid offer by adding payment information to your customer area.

You will be offered to select between two methods of payment:

Credit or debit card
SEPA Mandate (soon available automatically)

Do not hesitate to contact us to discuss another payment options.

Once your payment method is selected, your trial period will be canceled and you will be transferred to the paid offer. You will also receive an email with the validation of your payment and your first invoice.

In the customer area, you will be redirected to Dashboard.

Go to My applications and options, you will find summary of your offer.

You are now a GLPI Network Cloud customer, thank you for your trust!

I do not have an account or an instance

To create your customer account and your first GLPI Network Cloud instance, go here: https://myaccount.glpi-network.cloud/register.php

Please enter your authentication information and the URL for your first GLPI instance.

Once your information is validated, click on Create my instance. You will be asked to wait during the installation of your instance.

Once the installation is complete, you will be taken to your customer area. You will see the following information:

The URL of your GLPI Network Cloud instance
The Super Admin account ID
The associated password

By clicking on Go to my GLPI Network C1 Instance, you will be redirected directly to the URL you have chosen. Feel free to test it and contact us if you have any questions! You will also find useful articles in our FAQ to help you to understand and start using GLPI.

If you have decided to switch to the paid offer, please, return to your customer area: https://myaccount.glpi-network.cloud/ Your login details for the customer area are:

Login: the email address entered at registration
Password: The password entered at registration

After this step is complete, we invite you to read the first section of this article: I already have an account and instance.

Authentication

Activate sso

Yes, it is possible, but note that GLPI Network Cloud offer does not allow compatibility between following tools:

basic Apache authentication;
Windows domain authentication.

You can use the following tools:

Authentication server like LemonLDAP NG, Shibboleth, etc;

CAS;
X509 certificate;
oAuth (with oAuth plugin).

You can configure your authentication in the Setup > authentication menu.

For authentication via oAuth, make sure that oAuth plugin is installed and activated on your instance in setup > plugins.

Access the plugin's configuration by clicking on it or by setup > Oauth SSO applications

Authenticate with local LDAP

In this article, we will expose solutions to benefit from your local LDAP authentication on your GLPI Network Cloud instance.

Opening your local directory

To benefit from your local LDAP directory, it is necessary to make it accessible from Internet.

That passes by the installation, on your infrastructure, of protocol LDAPS what will allow your directory LDAP and your instance GLPI Network Cloud to communicate in a protected way.

According to your infrastructure, it is also interesting to set up filtering to guarantee that only your instance GLPI Network Cloud can attack your LDAP directory from outside. ( IP address of your instance here )

You must prepare your environment for the use of the LDAPS protocol;
1. LDAPS protocol enabled/accepted (depending on your environment);
2. Port 636 open/accepted on your network from Internet/your GLPI Network Cloud instance.
You can finally configure the LDAP(S) authentication in your GLPI Network Cloud instance.

Synchronize your local directory on a Cloud directory (Azure AD)

This adds an intermediary and requires more configuration but allows you to benefit from your local directory if you do not want to expose it directly.

Subscribe to Azure AD
Synchronize your local directory with Azure AD;

Dedicated VPN via the subscription of a GLPI Network Cloud Private offer

Subscribing to a GLPI Network Cloud Private offer will allow you to call upon our team to set up a dedicated VPN between your GLPI Network Cloud instance and your infrastructure.

Subscribe to a GLPI Network Cloud Private offer;
Migration or deployment of your private instance;
Ask for the implementation of a dedicated VPN;
Planning / Implementation / Validation of the VPN with a technician of our team.

Integrate GLPI Network Cloud and LDAPS (Entra)

Reminder of use

Let's first remember that using an Entra directory allows two features with GLPI:

Synchronize users
Authenticate them.

Authentication can be done in two ways:

LDAPS authentication via directory synchronization (of users) in GLPI
Oauth SSO authentication (sync is not required)

We will now detail the configurations of these features.

Directory synchronisation and/or LDAPS authentication

Entra AD requires the use of the LDAPS protocol to be synchronized. Microsoft has fully documented the configuration of its environment for the use of LDAPS. We therefore invite you to follow the official documentation here in order to prepare your Entra AD environment.

Note

Your Entra Tenant must have a sufficiently high license or the purchase of Microsoft Entra Domain Services may be necessary.

Remember that you can determine the IP address of your GLPI Network Cloud instance by following the article here, if you want to establish LDAPS access rules on your Entra AD environment.

Warning

If your Entra AD environment is poorly prepared for LDAPS, it won't work on the GLPI side

Also remember to create a service account (a user) in your directory, only dedicated to the interconnection between GLPI and your Entra AD directory.

Once your Entra AD environment has been prepared for LDAPS, go back to GLPI!

You must create an LDAP Directory type authentication source.

Go to the Setup > Authentication > LDAP Directory
Clicking on add to add a new directory
We had to setup the new directory for LDAPS connections

Explanation of fields :

Name The name to enter here will be the one displayed in the liste of your directories, it doesn't influence the configuration.
Default server This parameter allows you to define if this directory should be used as a priority.
Active With this parameter, you can activate or not the directory
Server In front of IP or FQDN of you rLDAP server, add ldaps:// , e.g : ldaps://Entra.mycompany.com or ldaps://xxx.xxx.xxx
Port Enter the port of your LDAP. LDAPS requires port 636
Connexion filter You can set a condition for the search. It possible to filter the user's search to a reduced number of records.

For Active Directory, use the following filter, which returns only no-disabled users (because machines are also considered users by AD):

(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

This filter is a standard example, you can modify it to your need.

BaseDN

basedn

The basedn must be written without spaces after the commas. Also, the case must be the same

For standard use, the parameters to enter are very simple, for example :

If your Server = Entra.mycompany.com

So your BaseDN = dc=mycompany,dc=com

RootDN (for non-anonymous binds) Enter here the full DN of the service account that will authenticate with your directory
Password (for non-anonymous binds) Enter here the password of the service account that will authenticate with your directory. Note that when saving the configuration, this field will appear empty, this is normal, the password will be saved in the database.
Login field
- For Entra AD with SSO Authentication! We will indicate the field userprincipalname
- For Entra AD without SSO authentication! We will indicate the field samaccountname
Comments This field does not influence the configuration, it is only a text field allowing you to place an indication, a remark, etc.
Synchronization field In the schemas provided by default, we recommend, for example, using the “objectGUID” attribute (corresponding to the official unique identifier of an object); Be careful with this field, once configured it cannot be modified.

Once the fields are entered, click Add to save your directory.

During registration, a connection test to your directory will be carried out by GLPI !

Additional options

Once your LDAPS connection has been registered, return to the configuration of your directory on GLPI side.
In advanced information, change the Use Paginated Results field to Yes
We recommend changing the page size to 100
We recommend changing the field maximum number of results to unlimited

Your directory is connected but you have to define options to synchronize.

To do this, go to your directory configuration and use the Users and Groups tabs by customizing the LDAP attributes you want to synchronize and the settings that are useful to you. This section is complete.

Automatic actions

Check automatic actions

On-premise and GLPI Network Cloud

To check the status of your automatic actions, there is an automatic action whose role is to check the status of the others.

Go to the menu setup > Automatic actions, and select the watcher automatic action.

This automatic action will send you, by e-mail (if you have correctly configured Notifications), the actions in error. More precisely, these are all actions whose status remains indefinitely on "In progress".

It is also possible to manually check the status of an automatic action in its configuration page, and to restart it by clicking on the Reset cross just to the right of the current execution status:

GLPI Network Cloud ONLY

To know

If you use the "CLI" execution mode (which is recommended), and you have requested activation, our internal system checks for blocked automatic actions every 6 hours and unblocks them automatically.

References

General

Setting up your calendar

Define a business opening period

From setup > dropdowns, enter calendar and click on calendars.

Click on add
Name your calendar,
In the time ranges tab, select the 1st day of opening and the start and end times of the day. If you need to create a lunch break, you will need to create 2 entries per day (e.g. Monday 9am-12pm then Monday 2pm-7pm).
Click on add for each entry you make

!!! Tip "Different days and times for each entity" You can create several opening times on different entities. For example :

  - **Entity A**: Monday to Friday, 9am to 7pm
  - **Entity B**: Monday to Saturday from 8am to 6pm

  ![Alt text](Pics/Calendar-2-bis.png)

Create a closing date/period

From setup > dropdowns, enter closing and click on closing periods.

Click on add,
enter a name,
a start date,
an end date,
and a recurrence.

!!! tip "Recurrence information" If you add a recurring period, for example from Monday 7 August 2023 to Sunday 20 August 2023. The recurrence will apply to the same dates the following year, i.e. from Wednesday 7 August 2024 to Tuesday 20 August 2024. Please check that your information is consistent before validating a recurrence.

Defining a closing date/period for an entity

Requirements within a company are not always the same. For example, in entity A, closing days may differ from entity B. You can therefore set up different closing days and separate holidays.

If this is your case, make sure you create opening days and times in the correct entities (you can always skip the transfer list if you make a mistake).

From setup > dropdowns, enter calendar and click on calendars

click on the calendar that is to receive a different day/period of holidays, click on closing periods,
in the closing periods tab, select the period created earlier,
click on add

Delete a holiday date/period

From setup > dropdowns, enter closing and click on closing periods.
Click on the period you wish to delete,
click delete permanently.

If you have several to delete, you can skip the select-entries, actions then delete permanently.

!!! Warning "Caution" This will permanently delete the entry for ALL entities

For more options

You can also download the Holiday plugin to enter mass holidays or specific to certain countries or regions.

Managing dashboards

Dashboards are already present when you install GLPI:

Central: displays overall information (represents number of PCs, telephones, monitors, etc., number of users and groups, number of tickets, problems, changes, etc.)
Assets: shows the elements of the portfolio with computer-type graphics by status, by manufacturer. Computers by type, network hardware by manufacturer, and more.
Assistance: lists tickets and their status. Graphs are available such as tickets by status and month, top ticket categories, number of incoming tickets, assigned tickets, etc.
GLPI inventory reports: shows the number of agents, tasks, elements in the fleet, etc.

All these tables are of course modifiable.

Creating a new dashboard

Added new dashboard

In this example, we will add a global view of the number of tickets and their status as well as an assignment filter by user or group.

From the main GLPI view (by clicking on the logo at the top left), click on

Enter a name for your dashboard then click on add
Position your mouse where you want to position your tile and click on
In the window for selecting the type of data to display, choose the one that suits you (here ticket summary)
Depending on the data selected, you may be asked to choose the type of chart that will be displayed

1. Select the background of your tile 2. Select chart type 3. Select the gradient from the palette (shade of gray displayed per tile) 4. Select the number of data to display (the number of data reflects the number of statuses your tile will display)

Click on edit
You can enlarge your tile by selecting and stretching it

You can then add as many tiles as you want.

Add filter

The filter will display the result of the tile for a given element. In our example, for a particular group.

Click on add filter

Select technician group
Click on add
When you are satisfied with your dashboard, click on to exit edit mode

If you want to display all the tickets in a group, you can now do so by selecting the desired group from the technician group filter

You can also access the items by clicking on the desired status. For example, if I want to display all tickets in pending status for group 1, I choose group 1 in the filter and then click on the pending line to display the result in the support tab.

Dashboard options

In the menu at the top right, you can see a number of possible options:

Refresh data

Clone a dashboard

1. Direct link: this public link can be communicated. It will be accessible without identification and will be displayed in full screen. Only viewing this dashboard will be possible (except if the recipient has a GLPI account on the instance with the necessary authorizations to modify it) 2. Iframe: allows insertion into a web page 3. Share with targets: allows sharing with other profiles, entities, users or groups. 4. Personal: Specify whether this dashboard is private or not. A personal dashboard is not visible to other administrators unless you explicitly share it

Delete a dashboard

Edit a dashboard

Show full screen

Fields unicity

To avoid duplicates, the uniqueness of fields function allows you to refuse hardware imports if one of the fields set is identical to another field of the same type of hardware. For example, 2 computers with the same serial number.

From setup > field unicity, click on add
Add a :
- a name
- A comment (optional)
- Set active to yes
- The type of item targeted (computer, telephone, user, etc.)
- Select the filed that will be considered unique
- Indicate whether the import should be refused or accepted.
- Indicate whether a notification should be sent

Sub-entity

If necessary, remember to tick sub-entity in the top right-hand corner so that your field can be checked in all the sub-entitles in which uniqueness is created.

If a duplicate is created, an error message will appear:

Helpdesk

Add a task

Creation

Enter the ticket that requires a task to be added. Click on answer > create a task (or on create tasks directly depending on the configuration of your interface):

Add a follow

As with tracking, you have a text field to indicate the nature of the Task. You can define whether the Task will be public or private. What differentiates the Task from the Tracker is its right-hand menu.

Type of task

This will allow you to define the status of the Task when it is added: Information / To Do / Done.

Execution time

GLPI lets you define its execution time (this data can be modified later):

Users and groups

You can define which user or group will be assigned to this Task:

Planning

As mentioned above, the best thing about a Task is its scheduling. To do this, click on the Schedule this Task button, which will display the scheduling options.

Duration

You will be able to set a date, start time and duration for the Task. Click on the icon on the right to unfold the calendar:

Save

Once you have entered your details, click on the Add button to save the Task.

Unlike Follow-ups, when adding a Task, you can only select a status for Tickets, the choice of status is not available for Problems and Changes. The ticket will automatically change its status to processing (planned).

Add changes

Link with a problem

A change is a modification, addition or deletion of an element of a company that may have an impact on procedures, infrastructure, etc. A change is often a relatively major event and requires follow-up. It may be linked to a problem and/or one or more tickets.

The change is created as a problem. Additional inserts are available to identify the impacts, monitor the points that will have been modified, and draw up a plan for deployment and fallback if necessary.

Create a change

From assistance > changes, click on add
Fill in the title and description fields (they will already be pre-filled if you create a change from a problem).
The tabs on the right of the screen are standard, you probably already know them from tickets.
In analyses, 2 new inserts are available:
- Impacts**: generally lists the impacts of the problem
- Checklist': the checkpoints to be carried out (or that have been carried out) before any changes are implemented.

Track the change

statuses

Different statuses are available for the changes and can be adapted as the change evolves.

Action plan

When a change is implemented, an action plan must be devised to minimise the impact on production systems.

In our example, the change is the result of a problem that has arisen. Once the causes have been identified, an action plan must be put in place to prevent the problem recurring.

In your change, a plan insert is available covering 3 phases:
- deployment plan,
- fallback plan,
- checklist.

This insert should be filled in with as much detail as possible.

Change validation (optional)

Once this insert has been updated with the necessary actions, it can be submitted for validation if required. A minimum threshold can be assigned to validate the change.

From the validation tab, click on send a request for approval.
Select the validation recipient
enter a comment
Click on add

If the validation is positive, you can then put the actions in place. If the validation is negative, you will need to improve your process to obtain validation of the change.

Estimating the cost

You can also estimate the cost of the change. In our case, adding a new server (hardware cost + human cost)

From the cost tab for your change, add all the expenses associated with implementing the change.

Project

If necessary, you could add a project. For example, if the change you make has repercussions on other departments, you could decide to implement the same solutions for all the other departments. In this case, it could be linked to a business development project.

Tickets

If this change is the result of one or more tickets, you can join them in the tickets tab.

Items

You can indicate all the elements that are impacted or linked by this change.

Click on add an item.
Click on the type of element to be added (here indicators)
And choose the element(s) concerned

Impact analysis

The impact analysis allows you to see the linked elements and to have an overview of the impact that a breakdown in the infrastructure could have.

To add an item, click on
Select the type of equipment you wish to add
Choose the item from the available list
Use the icon to join elements.
With the icon you can manage the colours of the relationships between elements.

Impact analysis

To use the impact analye, the materials must have been created previously, either through inventory feedback or manually.

Knowledge base

You can attach one or more items from the knowledge base

Click on attach to a knowledge base entry.
Select the item you want
Click on add

Closing

Each company has its own validation process. From an ITIL perspective, changes can be considered closed once testing and qualification have been completed. Once the change has been applied and reviewed, it can then be considered closed and the release to production is considered definitive.

Creating ITIL Category

Creating the category

From configuration > titles, enter ITIL in the search box.
Click on ITIL category.

Click on add.
Enter the necessary information

Note on visibility

Visibility indicates whether the category will be selectable from the assistance interface. If it is set to no, the category will be visible but not selectable. For example, to limit the selection of root categories and force users to refine their request by selecting a child category (rather than software choose software > email).

Note on templates

Templates can be used to simplify the interface with users. For example, you can pre-fill fields, hide some or force others to be filled in. See the chapter on Add templates.

Once your category has been created, click on add.

Link a category to a template

Inventory

Knowledge

My instance

Customise my logo

Download the branding plugin from the marketplace
Activate it.

This allows you to customize the logo in GLPI, on the login page, etc.

To modify the logo :

Go to your list of plugins: setup > Plugins
Click on the wrench for the Branding plugin, which will take you directly to the plugin's configuration menu.

Here you can replace :
the logo at top left (including folded bar)
the logo on the login page,
the background of the login page,
the icon in the browser bar

Notifications

Setting up Oauth SMTP Entra

Creating an Entra application

Register an Entra application

Log in to your Entra portal
In the Applications > Application registration > new application menu
Enter an application name, then in URI redirection, enter web.
Retrieve the GLPI redirection URL available in configuration > notifications > configuration of email notifications. In way of sending emails, select SMTP+OAUTH.

You will see the redirection URL in the new menu that appears. Copy it and paste it into the redirection URI of your Entra application.

Click on Save.

Creating the secret

Now go to certificate and secret.
Click on new client secret.
Enter a name and an expiry date.
Then click on add

Once validated, the secret value appears.

Point of attention

The value of the secret must be reflected in client secret on the GLPI side. This value is only visible once, remember to save it in a safe place.

Adding claims

The addition of claims is necessary so that GLPI can use the SMTP service via the Entra application.

In the claims tab, click on your application (in this case Microsoft graph).

On the right-hand side of the screen, search for smtp.
select it then click on update permissions.

Last GLPI settings

Return to the application's overview menu to find the information you need to enter into GLPI.
We filled in the secret value in the previous step, all that remains is to fill in the application ID and the directory ID.

When you click on save, you will be redirected to the Microsoft account to be connected.

Point of attention

The account synchronised with Oauth SMTP must also be the one sending the emails. This account is identified in the sender's email

Authenticated SMTP configuration

In order for the account using SMTP services to be authorised to send mail, it is imperative to activate authenticated SMTP from the Entra Tenant.

Connect to your tenant
Go to users and click on the relevant account
Then go to mail > manage mail applications and select SMTP Authenticated

Send test

Once you have entered your Microsoft account details, you will need to accept the necessary authorisations. All that's left is to carry out a test send.

References

GLPI documentation "Email followups configuration"

Oauth SMTP Google

Creating a project

Enter the name of your project
Click on create
Return to your organisation,
Select your project

Setting up Oauth access

From the menu, click on APIs & Services.
Then OAuth consent screen.
select the type of access that will be granted to the application (internal or external users)
Then click on create.
Enter (as a minimum) a name for the application, an email address for application support and the developer's email address (this information is compulsory).
Click on save and continue.
In the scope section, click on add or remove scopes.
Add auth/userinfo.email auth/userinfo.profile and openid.
Click on update
Then save and continue

ID settings

From the credentials menu, click on create credentials then Oauth client ID.
Enter an application name,
In the authorized redirect URL section, enter the GLPI callback URL.

Where can I find my GLPI callback URL?

Click on create
A page appears with the username values. Keep this information as it will be requested in GLPI.

Setting up GLPI

From setup > notifications > configuration of email notifications
Select SMTP + OAUTH
Select Google and enter the information requested, using the screenshot above as a guide

Additional information :

Click on save

You will be asked for a Gmail account, and you will then need to accept the necessary authorisations.

Recommendation

It is preferable that the OAUth SMTP account is also the one indicated in sender email so that emails are sent from the correct mailbox.Run a test send to make sure your SMTP configuration is working properly.

Plugins

Procedures

Receivers

Setting up Oauth IMAP Entra

TLS Protocol

OAuth IMAP and MFA

Requirements (on-premise)

GLPI Version

Minimum PHP

Recommanded

10.0.x

8.1

8.2

Here are the configuration steps including configuration phases on the Azure side.

Install the plugin

See you in the marketplace. Download Oauth IMAP and enable it

Meet now on your Azure tenant
In the search box type registration then select app registrations

Register your Entra application

Create the application

Click on new registration
Indicate the desired name, select the type of account supported then indicate the redirection URL (present in the configuration of the plugin from your GLPI interface: https://XXXXXXXXXXXXXX/marketplace/oauthimap/front/authorization.callback.php) specifying the Web option.
Then click on register.

Add a secret

In the Certificates and secrets tab , click on Client secrets
then New client secret

Enter a description and then an expiration date.
A secret value is then generated. Keep this value well because once you have left this page, it will no longer be recoverable.

Return to the " Overview " tab and copy the following values and the secret seen above

Setup GLPI

Now go back to your GLPI interface configuration > Application Aouth IMAP and indicate the information collected previously :

Click add .
Now in the Oauth authorization tab , we will create an authorization

When you click on create authorization, you will be redirected to the Microsoft services sign-in page.
Enter the email address and password of the account that will be used for the collector.
You will also need to accept the necessary permissions related to the plugin.

Setup the receiver

See you now in setup > receivers to configure it:

The information concerning the files to be collected is according to your needs.

Change password

If the password of the account collecting the emails is changed, it will also have to be changed in Oauth IMAP using the button in the plugin configuration

Rules

Tools

Deploy via GlpiInventory

Plugin GLPI Inventory

Information

The GLPI Inventory plugin is available in the menu Administration > GLPI Inventory If it is not installed, please go to the marketplace, and install the GLPI Inventory plugin

Software deployment configuration can be done in three steps:

determination of files and / or commands to deploy
determination of deployment targets
deployment itself

Recommendation

We recommend using the URL https://my_instance/marketplace/glpiinventory for your GLPI agents to ensure proper application deployment.

Files

Go to Administration > GLPI Inventory
In the tab Deploy > Package management
Create a new package with add
Name it
Add

In this newly created package, in the Actions on package tab we need to configure the four parts that form a package:

Audits
Files
Actions
User interactions

Each part is configured via small icon

Audits

It is possible to perform checks before starting the package installation process. This part is not essential but may be necessary for optimal deployment.

Registry check (Windows only)

Verification of files (all OS)
Checking free disk space (all OS)

If the audit fails, the following options are available:

stop the process: do not continue checking, and skip the deployment process
skip the process: do not continue the process and pass the deployment successfully (package already installed)
report information: checks continue, failure is reported to the central console
report warning: checks continue, a warning appears on the central console

Files

In this part, you have to select the data (files) that will be deployed.

Two possible options:

Download from your computer (pay attention to the maximum size allowed): if you want to upload larger size, please contact Cloud Support.

The administrator can select the files from his computer.

Import options are available for each file:

Unzip: the agent can decompress zip or tar.gz archives
P2P: indicates whether the file fragments may be available via P2P or only via the server
Retention time: during a P2P move, the number of minutes within which the
Downloaded fragment is available to other agents in the subnet

Download from the server (not available in Cloud environment at the moment)

Actions

Once the files to download are defined, it is necessary to define which actions have to be executed on it or not.

The actions are executed after successful download of the file (s). Here are their types:

execute an order
create or delete directory
move or copy a file

As an example, installation of Firefox :

A mechanism makes it possible to check whether the execution of command has passed correctly. To do this, you can test:

the return code of the order
standard output command

User interactions

This feature is not mandatory.

The administrator can decide if to interact with user in deployment process:

after the execution of audits
after downloading files
after the actions
in case the file download failed
in case the execution of actions has failed

This functionality is divided into two parts:

Definition of interaction model

Model records he characteristics of an interaction to be reused next time. It describes both the type of window shown to the user and its behaviour.

The models are accessible via Administration > GLPI Inventory > Deploy > user interaction templates

Example:

Model has :

a name
an interaction formation (Windows WTS only)
a type of interaction: definition of the buttons accessible on the window
whether or not an icon is displayed
a number of possible postponements of an interaction
the time between 2 interaction requests from the user

Then, you must define what would be the behaviour of the system according to the different behaviours adopted by the user, via the Behaviours tab.

Three types of behaviour are possible for each action:

continue the deployment process
stop it
try it again later

Certain events are pre-defined, regardless of the type of choice that the user makes:

Behaviour in case of no active session
Behaviour in case of several active sessions (TSE)
Behaviour in case of the window display time is exceeded (automatic closing)
Applying the template for package event Once the template is configured, it must be applied.

Going back to our package, select Actions on the package tab in the User Interactions section.

The administrator defines the title and content of the window that will be displayed to the user.

Deployment targets

Once the package is defined, you must define on which workstation (s) it will be installed.

GLPI Inventory offers several types of targets:

a particular computer
a computer group based on GLPI group
a group of GLPI Inventory computers

Usually we mainly use GLPI Inventory groups, which are either static or dynamic.

This configuration is carried out from the Administration > GLPI Inventory > General > Computer group menu.

Static groups

A static group contains machines that have been selected by the administrator. It does not change over time, unless the administrator adds / removes machines.

Create a static group

From Administration > GLPI Inventory > General > Computer groups
Click on Add
Name your group
Choose Static group
In the Criteria tab, select the information you want in the search (here we will indicate all jobs located in Paris)
You can add as many criteria as you like, paying attention to the logical operator (and, or, and not, or not). You can create global rules (entity criteria, user criteria, application criteria, etc.) and/or create groups of criteria (for example, all PCs whose name is Microsoft, whose name contains commerce, with an active status, connected to the switch on the 3rd floor. All these criteria must be met for the PC to be included in the dynamic group).
Click on Preview to see the list of workstations appear
Select the workstations concerned
Use the Actions button to add them to the static group
The search results will appear in Associated Items.

Dynamic groups.

A dynamic group is the result of a search engine query. The machines in the group are calculated and the list varies over time.

Create a dynamic group

From Administration > GLPI Inventory > General > Computer groups
Click on Add
Name your group
Choose Dynamic Group
In the Criteria tab, select the desired information in the search (here we will indicate all workstations whose OS name contains Microsoft and are located in Barcelona).
You can add as many criteria as you like, paying attention to the logical operator (and, or, and not, or not). You can create global rules (entity criteria, user criteria, application criteria, etc.) and/or create groups of criteria (for example, all PCs whose name is Microsoft, whose name contains commerce, with an active status, connected to the switch on the 3rd floor. All these criteria must be met for the PC to be included in the dynamic group).
Click on Save.
The results of the search will appear in Associated items.

Your group is created. If you wish, you can transform it into a static group using the Actions menu.

Dynamic groups <-> static groups

You can change the group type from dynamic to static at any time by modifying it directly in the group parameters

Deployment

Tasks

Package deployment is done by adding dedicated tasks. Tasks are accessible via Administration > GLPI Inventory > Tasks > Task management.

A deployment task can contain several jobs, which are several actions that agent will execute one after the another.

A task is divided into 3 stages:

preparation: it is the stage of calculation of targets for which the task must be executed
execution: it is the stage of sending deployment order from the server to the agent
the follow-up: it is the stage of display of the follow-up of deployment After creating a task, make it active and define its execution.

It is possible to indicate range of validity of task:

scheduled start time: start preparation actions from this date
scheduled end time: stop the validation of task after this date

Automatic actions

Check if Taskscheduler automatic action is correctly configured

Jobs

In the task, in the Job configuration tab.

A job is an action to deploy a package to computer or a set of computers.

Information

Make sure that the remote deployment module is activated for each agent. It is possible to activate the module by default in the general configuration of GLPI Inventory

A job contains:

Method (package deployment here)
Targets (package to deploy)
Actors (target groups)

Information

The task is triggered when the agent on the target PC contacts the server. The server then sends its deployment task and performs the programmed actions

Deployment is monitored either in the Job execution tab of a task, or via the Administration > GLPI Inventory > Tasks > Monitoring / Logs menu.

Inventory printers and network hardware

GLPI allows you to automatically inventory your switches, printers, routers, etc... This part requires the installation of the GLPI Inventory plugin available in the marketplace and a GLPI agent installed in the park.

How it works

Inventory takes place in 2 stages:

network discovery, which scans the network for detected devices.
An SNMP inventory, to provide the SNMP information authorized by the manufacturer (serial number, OS, etc.) for each type of equipment.

These 2 actions will be managed by tasks. The principle for network hardware and printers is the same. In this example, a printer will be remounted to demonstrate the principle.

Prerequisites

GLPI Inventory installed and up to date (from marketplace),
a GLPI agent installed in the park (also up to date with the necessary modules installed),
Inventory enabled (administration > inventory enable)
network hardware or printer capable of accepting SNMP requests (preferably V3, but V1 and V2 are also accepted).

Sequence

SNMP identifiers

Make sure you have correctly configured your SNMP identifiers on the machine side. Refer to the official hardware documentation if necessary.

Go to administration > inventory > SNMP credentials

!!! info In SNMP V3, identifiers must be configured. In V2c and V1, only the name of the community is required. We recommend that you upgrade to V3 as far as possible to ensure maximum security for exchanges between GLPI and your agents.

Then click on add

Enter the name you prefer
Select the SNMP version you want (here V3)
Next, specify the identifiers and encryption methods for authentication and data:

Clock on Save

Equipment import and link rules

By default, rules are created to ensure that detected equipment is created if it does not exist, or merged if it is already in the park. You'll find these rules in administration > Rules > Equipment import and link rules. You can modify these rules to match the elements you need (serial number, machine name, etc.).

Business rules for equipment

This part is optional. As each instance is different, this step is specific to your needs and must be adapted. Here, the simplest case will be explained. Here we're going to define that everything in the 192.168.1.1 /24 network is brought up in the inventory (provided that the SNMP configuration has been applied to the equipment brought up).

We will therefore create the following rule:

criterion: If my IP address contains 192.168.1
action: Assign to the entity Paris Office
Go to administration > Rules
Click on Rules on the computer entity (this menu also takes into account the rules for other hardware)

Then create your rule(s) :

IP range

In order to perform the network scan, GLPI needs to know which IP range(s) it should scan.

Go to administration > GLPI Inventory > Networking > IP ranges.

Click on add
Add your IP range(s) :

In Associated SNMP identifiers, add the identifiers created earlier.

To know

This step is important, if you don't associate the SNMP identifiers, your network discovery won't succeed correctly

Remember to save your changes

Agent authorization

A GLPI agent will be dedicated to managing tasks. Once the tasks have been created, the agent will check, during its next inventory, that one or more tasks are available. It is therefore necessary to activate the modules it will need to carry out its tasks correctly.

In administration > GLPI Inventory > General > Agent Management, select the agent that will be dedicated to performing the tasks.
In the agent's modules tab, select network discovery and network inventory (SNMP)
Click update.

Creating tasks

Network discovery

As explained above, you first need to discover the network in order to locate the equipment in your fleet.

In administration > GLPI Inventory > Tasks > Task management create a new task:

Name this task then click on add (you can also choose the option Allows the task to be re-prepared after it has been run so that it can be reloaded and ready for the next run). If required, you can also add scheduled start options or slots in which these tasks can be launched.

Attention point

Make sure you tick the Active box so that your task can be executed

In job configuration, enter a name
Select Network discovery from the drop-down list.

When you click on add, a new insert will appear. The last configuration step is job.

Click on next to target
Add the IP range created earlier.
Do the same with actors, and select the agent configured for network discovery above.

Once this information has been entered, you can force the task to be prepared using the option in task management.

!!! Warning "Caution" This option prepares the task but does not execute it. The designated agent will execute the task the next time it is inventoried.

You will notice that it is in prepared status in job execution.

SNMP inventory

The SNMP inventory will allow you to retrieve information such as cartridges, counters and other information authorised by the hardware manufacturer.

Go back to task management
Add a new task
Proceed in the same way as before and remember to activate the task.

In job configuration enter a name and this time select network inventory (SNMP).

By clicking on add, do as before and add a target (IP address) and a actor (the agent dedicated to the SNMP inventory).

You can again force the start but GLPI will tell you that no target is detected, which is normal because the discovery has not yet been executed.

Task execution

The agent is now waiting to be launched so that it can carry out the tasks we have assigned to it. There are several ways to launch the agent:

Via the web interface where the agent is located, by logging on http://localhost:62354/ and clicking on force an inventory.
By restarting the scheduled task or the glpi-agent service.
If you have installed agent monitoring, click on force an inventory.

The job changes to in progress.

Then to successful

Now that the 2 tasks have been executed, you can return to printer (for our example) and see that our hardware has been implemented in the printer tab, in the entity corresponding to our rule:

if your printer supports it, you can also see the status of the cartridges and the page counter

Tutorials

Most popular

Setting up Oauth IMAP Entra

Requirements (on-premise)

Install the plugin

Register your Entra application

Create the application

Add a secret

Setup GLPI

Setup the receiver

Customise my logo

Setting up Oauth SMTP Entra

Creating an Entra application

Register an Entra application

Creating the secret

Adding claims

Last GLPI settings

Authenticated SMTP configuration

Send test

References

Account and subscription

Subscribe to GLPI cloud

I already have an account and instance

I do not have an account or an instance

Authentication

Activate sso

Authenticate with local LDAP

Opening your local directory

Synchronize your local directory on a Cloud directory (Azure AD)

Dedicated VPN via the subscription of a GLPI Network Cloud Private offer

Integrate GLPI Network Cloud and LDAPS (Entra)

Reminder of use

Directory synchronisation and/or LDAPS authentication

Additional options

Automatic actions

Check automatic actions

On-premise and GLPI Network Cloud

GLPI Network Cloud ONLY

References

General

Setting up your calendar

Define a business opening period

Create a closing date/period

Defining a closing date/period for an entity

Delete a holiday date/period

For more options

Managing dashboards

Creating a new dashboard

Added new dashboard

Add filter

Dashboard options

Refresh data

Clone a dashboard

Share a dashboard

Delete a dashboard

Edit a dashboard

Show full screen

Fields unicity

Helpdesk

Add a task

Creation

Add a follow

Type of task

Execution time

Users and groups

Planning

Duration

Save

Add changes

Create a change

Track the change

statuses

Action plan

Change validation (optional)

Estimating the cost

Project

Tickets

Items

Impact analysis

Knowledge base