OAuth Authorization Issue

Hello, I am trying to convert our incoming mail from Exchange/O365> Basic to Open Authentication (OAuth). I have followed all the steps provided (Configure an incoming e-mail account for Office 365 (solarwinds.com))to register the Web Help Desk app to our Azure as an application. The issue I am running into is when I input the Tenant ID, Client ID and Secret ID and click on Authorize for the incoming account I and configuring it seems to take my e-mail credentials instead of the e-mail address I configured for the incoming mail accounts. This is even through the steps when it ask me for which account I am authorizing, I put in the incoming email account, but still uses my credentials, hence looks into my inbox and processes the email in my inbox instead of the incoming email account. 

Just to add, we use SSO in our environment so when I log into WHD, it uses my AD credentials. So I don't know if this is the reason why the Authorization is using my account. If it is is there any way to bypass this?

What am I doing wrong?

  • You may need to login as the Windows user linked to that E-Mail account to do the Authorize, bit of a pain this one if you have mutiple Inbound Mail accounts configured.

  • As pabley stated the prompt you get when click authorize should be the desired mailbox credentials.  If you use yours it will pull your mailbox in to make tickets (know from personal experience).

  • Correct, painful one to experience. Have seen this with someone who had 1000+ unread e-mails in their mailbox which quickly got sucked into WHD as new Tickets and deleted in their mailbox. 

  • I am struggling as we are trying to apply the OAuth, however, that option is not presenting for us. 

  • Re-able Basic Auth in your Tenant to give you a few weeks grace, upgrade to 12.7.5 or above.

  • Has SolarWinds responded and help you correct this?  They still don't even mention this in their set of instructions and it should NEVER happen that you accidentally pull the wrong Inbox.  Poor documentation, and frankly while I'm going through this same thing, very poor support.  It seems the helpdesk account should be linked in the Microsoft App permissions so that only that email address can relay mail.

  • We just went through this and there are a few "gotchas" if you aren't careful. Thank you to the other commentators for helping us on our way. This is being written out to be explicit about all the steps we had to go through and assumes you have read the "Configure an incoming e-email account" instructions. Our setup sounds like the OP's with Azure.

    The email account has to exist in the directory (apologies, this is outside my area) because they need to register as a Client.

    e.g. WHD_Email1@hotmail.com

    1. Open an Icognito browser
    2. Enter as the email account (WHD_Email1@hotmail.com)
    3. Complete the Client Profile, add First Name, Last Name, and most importantly Email
    4. Submit a ticket to force the Client identity to work through WHD (probably not required but done to pass the Client credentials through everything)
    5. Logout of WHD (but stay in the Icognito browser)

    From another browser, or even another person, enter WHD as Admin and add a new Admin linked to WHD_Email1.

    In the Incognito browser, enter WHD and it should pass through to the Tech view. (No passwords or login information required, it has read the User's identity from the webpage.)

    As the Admin WHD_Email1, setup the Incoming Email.

    1. Change from Basic to OAuth.
    2. Add Tenant ID, Client ID, Client Secret from portal.azure.com.
    3. Make sure the DNS, Port and Reply Redirect are configured correctly within Azure (beyond my knowledge).
    4. Click Authorize twice, which will then open a validation prompt where you sigin with the WHD_Email1@hotmail.com credentials.
    5. Approve
    6. Save.

    If during this process you end up resetting the password for the account, you need to update the SMTP password.

    Rinse and repeat for each email account that needs to be configured.

    Cheers.