Configuring OAuth authentication for Incoming Mail agent

Configure OAuth 2.0 authentication for the Incoming Mail agent that Maximo® Real Estate and Facilities uses to connect to the configured mailbox and retrieve email messages that contain offline forms. Register an application in Microsoft Azure for OAuth, and then configure the Maximo Real Estate and Facilities application to use OAuth 2.0 authentication for the Incoming Mail agent.

Registering OAuth authentication in Azure

You can use the OAuth 2.0 authentication service that is provided by Microsoft Entra ID to enable the Maximo Real Estate and Facilities application to connect over the IMAP or POP protocol and access Exchange Online in Office 365. For more information, see Authenticate an IMAP, POP or SMTP connection using OAuth.

Procedure
  1. Start the Microsoft Azure app registration screen from the following URL: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
  2. Under Manage, select App registrations > New registration to begin the app registration process:
    Name
    Specify the name to identify the registration in the Microsoft Azure portal. For example, TririgaIncomingMailAgent.
    Account Type
    Select the single tenant account type.
    Register
    Click Register. When registration finishes, the Azure portal displays the app registration's Overview page. Make a note of the Application ID.
  3. To create a client secret, complete the following steps:
    1. Click Certificates & secrets.
    2. Click New client secret.
    3. Provide a description and a duration for the client secret.
    4. Click Add.
    5. Copy the client secret value from the Value column. This value is later provided in the OAuth Application Secret field of the Microsoft OAuth profile record in Maximo Real Estate and Facilities.
      Note: The client secret can be viewed only immediately after creation, so make a note of the value before you leave the page.
  4. Click Overview and then click the Endpoints tab. Copy OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2).
  5. To configure API permissions, complete the following steps:
    1. Click API permissions > Add a permission.
    2. Select the APIs my organization uses tab and search for Office 365 Exchange Online.
    3. Click Application permissions.
    4. Select the following permissions:
      POP.AccessAsApp
      IMAP.AccessAsApp
    5. Click Add permissions.
    6. Click Grant admin consent for "application name" to provide consent. You need admin access to see the option to grant admin consent.
    7. Click Yes.
  6. Register the service principal in Exchange Online PowerShell by running the following PowerShell commands:
    1. Install the ExchangeOnlineManagement module and connect to your tenant:
      
      Install-Module -Name ExchangeOnlineManagement -AllowPrerelease
      Import-Module ExchangeOnlineManagement
      Connect-ExchangeOnline -Organization <tenantId>
    2. Register an Azure AD application's service principal in Exchange:
      New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]

      Use the Client ID as the Application ID, the Object ID as the Service ID for the application, and the Tenant ID as the ORGANIZATION_ID. You can find these details in the Overview tab of the Azure portal by navigating to Entra ID > Enterprise applications and selecting the application that you registered. For more information, see the New-ServicePrincipal command.

    3. Add Mailbox permissions to the application to give access to your mailbox:
      Add-MailboxPermission -Identity "<EXCHANGE_EMAIL_ID>" -User <OBJECT_ID> -AccessRights FullAccess

Configuring OAuth profile in Maximo Real Estate and Facilities

After you register an OAuth application with Microsoft Azure, you must enter the OAuth provider (Microsoft) in Maximo Real Estate and Facilities. To enter the OAuth provider (and OAuth application), you must create a Microsoft OAuth profile record in Maximo Real Estate and Facilities.

Procedure
  1. Log in to the Maximo Real Estate and Facilities main portal.
  2. Navigate to Tools > System Setup > Integration > OAuth Settings.
  3. Select Add to add a Microsoft OAuth profile record.
  4. In the OAuth Setup section, specify the following OAuth settings:
    Name
    The name that is displayed to users and used in API calls to identify the target record.
    OAuth Provider
    Name of the OAuth provider. For example, Microsoft for Entra ID. OAuth provider name is not case-sensitive.
    Access type
    Set the access type as Application.
    Description
    Describes this profile, so an application can display it to users.
    OAuth Application Key
    Enter the value of the Application (Client) ID field from the OAuth application registration in Microsoft Azure.
    OAuth Application Secret
    Enter the value of the client secret Value column from the OAuth application registration in Microsoft Azure.
    OAuth Authorize URL
    Enter the tenant-specific URL of the OAuth 2.0 authorization endpoint (v2) field from the OAuth application registration in Microsoft Azure. This value is required by Maximo Real Estate and Facilities Reserve. For example: https://login.microsoftonline.com/<tenant Id>/oauth2/v2.0/authorize.
    Note: To get the URL value, click Overview on the Azure App registrations page, and then click the Endpoints tab. Copy the value of the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) fields.
    OAuth Token URL
    Enter the tenant-specific URL value of the OAuth 2.0 token endpoint (v2) field from the OAuth application registration in Microsoft Azure. This value is required by Maximo Real Estate and Facilities Reserve. For example: https://login.microsoftonline.com/<tenant Id>/oauth2/v2.0/token
    OAuth Scope
    API permissions that are granted to an OAuth application. For Microsoft Azure, enter: https://outlook.office365.com/.default. Users might need to approve these permissions when they log in.
  5. Save your new Microsoft OAuth profile record.

Configure the IncomingMailConfig record

Configure the IncomingMailConfig record to use OAuth authentication to connect with IMAP and POP protocols and access email data for Office 365 users.

Procedure
  1. Navigate to Tools > System Setup > IncomingMailConfig > Add.
  2. Host: Specify the host as outlook.office365.com
  3. INBOX: Specify the folder name as: INBOX.
  4. Action: Specify the action as CREATE.
  5. Username: Enter your Outlook Mailbox address.
  6. Password: Enter the Outlook password of the mailbox used by the Incoming Mail agent for offline forms for a particular topic.
  7. MailServerType: Enter the mail server type as imaps with port 993.
    Important: For the POP3 protocol, specify the mail server type as POP3S and port as 995.
  8. OAuthProfile: Select the OAuthProfile created in Configuring OAuth profile in Maximo Real Estate and Facilities.
  9. Save the record.
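
To check the Azure side of this setup independently of the Incoming Mail agent, the following added example (not IBM or Microsoft code) builds the client-credentials request for the token endpoint and scope configured above, checks a returned access token for the tenant, application, and POP.AccessAsApp or IMAP.AccessAsApp role, and forms the XOAUTH2 string that the mail connection sends. The function names are hypothetical, the sample token is constructed, and the claim names (tid, appid or azp, roles, exp) are assumed to be those of Microsoft identity platform access tokens.

```python
import base64
import json
import time
import urllib.parse

SCOPE = "https://outlook.office365.com/.default"  # OAuth Scope value from this page


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials POST for the tenant's v2 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": SCOPE}
    return url, urllib.parse.urlencode(form).encode()


def jwt_claims(token):
    """Decode the JWT payload for inspection; the signature is NOT verified."""
    seg = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def check_token(token, tenant_id, client_id, protocol="IMAP"):
    """Return a list of problems; an empty list means the token fits the setup."""
    claims, problems = jwt_claims(token), []  # claim names are assumptions, see lead-in
    if claims.get("tid") != tenant_id:
        problems.append("tid is not the expected tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        problems.append("token was issued to a different application")
    if f"{protocol}.AccessAsApp" not in claims.get("roles", []):
        problems.append(f"role {protocol}.AccessAsApp missing (admin consent?)")
    if claims.get("exp", 0) <= time.time():
        problems.append("token is expired")
    return problems


def xoauth2(mailbox, token):
    """Base64 SASL XOAUTH2 string sent with IMAP AUTHENTICATE or POP AUTH."""
    raw = f"user={mailbox}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def constructed_token(claims):  # unsigned sample JWT, not a real access token
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode().rstrip("=")
    return f"e30.{body}."  # "e30" is base64url for an empty {} header


if __name__ == "__main__":
    tok = constructed_token({"tid": "T", "appid": "A", "roles": ["IMAP.AccessAsApp"], "exp": 4102444800})
    print(check_token(tok, "T", "A"), check_token(tok, "T", "A", "POP"))
```

The decoded claims are for diagnosis only because the signature is not verified. Keep the client secret and the access token out of logs and shell history.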

Next steps

Log in to the Admin Console, navigate to the Agents page, and verify that the Incoming Mail agent is running.