BusinessPlus OAUTH2 Email Configuration
Prerequisites
- You must complete Microsoft App Registration.
- Identify the server where the Workflow is located. All subsequent configuration must occur on this server.
- Provide your Client ID, Client Secret, and Tenant ID from the Identity Provider to Professional Services or Support.
- A redirect URL has been created in the Identity Provider by the Cloud or TSG team. The format is http://localhost:<portnumber>/ (for example http://localhost:3017/ with the default port). Plain http is acceptable here only because the redirect goes to the loopback address on the server itself and never leaves it.
- The Admin Console must have access to the Office 365 OAuth2 endpoints.
- The default app for Web Browser should be Chrome.
- The Windows Firewall must allow inbound connections to the local redirect port while the initial configuration is completed in the Admin Console. After the access token has been generated, this rule can be changed to block inbound connections again.
- The Workflow Email and Password are required.
- Confirm that an Encryption Key appears in the Catalog database.
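The firewall prerequisite above is a two-phase change (open the port for the one-time sign-in, then close it). The following PowerShell script is an added example and not part of the BusinessPlus documentation; it assumes the documented default port 3017, that the only legitimate client of the redirect URL is the browser on this same server (so the rule is scoped to the loopback address), and uses a rule name chosen here for illustration.

```powershell
# Added example (not from the BusinessPlus documentation).
# Assumptions: port 3017 is the redirect port; the browser runs on this host,
# so only loopback traffic needs to reach the port; rule name is illustrative.
#Requires -RunAsAdministrator

function Open-OAuthRedirectPort {
    param([int]$Port = 3017)
    $ruleName = "BusinessPlus OAuth2 redirect (localhost:$Port)"
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        # Inbound TCP on the redirect port, accepted only from the loopback address:
        # the browser on this server is the only legitimate client of the redirect URL.
        $rule = New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort $Port -RemoteAddress 127.0.0.1 `
            -Action Allow -Profile Any
    }
    $rule | Enable-NetFirewallRule
    return $ruleName
}

function Close-OAuthRedirectPort {
    param([int]$Port = 3017)
    $ruleName = "BusinessPlus OAuth2 redirect (localhost:$Port)"
    # Disable rather than delete: the port is closed now, and the already scoped
    # rule can be re-enabled if the access token ever has to be regenerated.
    Disable-NetFirewallRule -DisplayName $ruleName
    Get-NetFirewallRule -DisplayName $ruleName |
        Select-Object DisplayName, Enabled, Direction, Action
}

# Usage: open the port, run "Generate Access Token and Save" in the Admin Console
# and complete the browser sign-in, then close the port again.
Open-OAuthRedirectPort -Port 3017
Read-Host 'Complete the sign-in in the Admin Console, then press Enter'
Close-OAuthRedirectPort -Port 3017
```

If the customer chose a different port in the Admin Console, pass it to both functions; the rule must match the Port No value entered there.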
Verify whether an encryption key already exists by running the following SQL statement against the Catalog database:
select * from bsi_sys_blob where app ='oauth';
If this query returns no records, generate an encryption key with Generate Key.
In the Administration Console, select the Configure Local Server plug-in. From the Tools panel, select Generate Key.
A new key is generated and stored in the Catalog database.
A warning appears if a key already exists in the database.
Changing the key invalidates all data encrypted with the previous key. Do not generate a new key on a system that already has one unless the existing key has been compromised.
Email OAuth2 Configuration (Administrative Console)
The following steps are required to configure OAuth2 for Email in the BusinessPlus application.
Log in to the Web Server where the Admin Console is installed.
Navigate to Email OAuth2 Configuration.
Select the Enabled checkbox.
Enter the Client ID, Client Secret, Tenant ID, and Port Number.
Select Generate Access Token and Save.
The default browser opens a sign-in prompt. Enter the Workflow Email credentials. The sign-in response is returned to the redirect URL on the local port, which is why that port must be reachable during this step.
Field Name | Mandatory | Value |
---|---|---|
Client ID | Y | Value Provided by Customer |
Client Secret | Y | Value Provided by Customer |
Tenant ID | Y | Value Provided by Customer |
Port No | Y | 3017 or Value Provided by Customer |
Enabled | Y | Selected |
Registry Key Entry
OAuth2 is switched on by a registry value that works in tandem with the configuration above.
Add a registry value UseOAuth2ForEmails (DWORD, 32-bit) under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BiTech\Workflow with one of the following settings:
- 0: (Default) Workflow uses password-based authentication for both receiving (POP3/IMAP4) and sending (SMTP) email.
- 1: Workflow uses OAuth2 for receiving (POP3/IMAP4) only; SMTP uses the password. This is a common setup when outbound mail goes through an SMTP relay server.
- 2: Workflow uses OAuth2 for sending (SMTP) only; POP3/IMAP4 use the password. This is not common.
- 3: OAuth2 is used for both POP3/IMAP4 and SMTP.
The Registry Key details can be found in Registry Settings.
Required Registry Keys
For BusinessPlus to connect to Office 365 (Outlook) mail successfully, the following registry values are required:
- SMTPPort = 587
- UseSSL = 1
- UseOAuth2ForEmails = see the Registry Key Entry section above for the meaning of each value.
- ProcessOnly = 13 for outbound email only, 15 for inbound and outbound email.
Post Configuration Steps
Restart the BusinessPlus Workflow services for the configuration to take effect.
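The Registry Key Entry, Required Registry Keys and Post Configuration steps above form one procedure: set the values, verify them, restart the Workflow services. The following PowerShell script is an added example and not part of the BusinessPlus documentation. It assumes that all four values live under the same Workflow key named in the Registry Key Entry section, chooses UseOAuth2ForEmails = 3 (OAuth2 for both POP3/IMAP4 and SMTP) and ProcessOnly = 15 (inbound and outbound), and the service display-name pattern used for the restart is a guess that must be confirmed with Get-Service on the actual server.

```powershell
# Added example (not from the BusinessPlus documentation).
# Assumptions: all values sit under the Workflow key named in the page;
# UseOAuth2ForEmails = 3 and ProcessOnly = 15 are the chosen settings;
# the service display-name pattern below is a guess, check it first.
#Requires -RunAsAdministrator

$KeyPath = 'HKLM:\SOFTWARE\WOW6432Node\BiTech\Workflow'

# Desired values, all DWORD. UseOAuth2ForEmails: 0 = password for both,
# 1 = OAuth2 for POP3/IMAP4 only, 2 = OAuth2 for SMTP only, 3 = OAuth2 for both.
$Desired = [ordered]@{
    SMTPPort           = 587
    UseSSL             = 1
    UseOAuth2ForEmails = 3
    ProcessOnly        = 15
}

if (-not (Test-Path $KeyPath)) {
    throw "Workflow registry key not found at $KeyPath; is Workflow installed on this server?"
}

foreach ($name in $Desired.Keys) {
    # -Type DWord creates the value if it is missing and overwrites it otherwise.
    Set-ItemProperty -Path $KeyPath -Name $name -Value $Desired[$name] -Type DWord
}

# Read everything back and fail loudly on any mismatch instead of trusting the write.
$Actual = Get-ItemProperty -Path $KeyPath
$Mismatch = foreach ($name in $Desired.Keys) {
    if ($Actual.$name -ne $Desired[$name]) {
        '{0}: expected {1}, found {2}' -f $name, $Desired[$name], $Actual.$name
    }
}
if ($Mismatch) { throw ($Mismatch -join "`n") }
Write-Host "Registry values verified under $KeyPath"

# Restart the Workflow service(s) so the new values take effect.
# The display-name pattern is an assumption; confirm it with Get-Service first.
$services = Get-Service | Where-Object { $_.DisplayName -like '*BusinessPlus*Workflow*' }
if (-not $services) {
    Write-Warning 'No matching Workflow service found; restart it manually.'
} else {
    $services | Restart-Service -Force -Verbose
}
```

Run the script on the server identified in the prerequisites, after the Email OAuth2 Configuration has been saved in the Admin Console; the read-back check is what tells you a value was silently written to the wrong hive (for example the 64-bit path instead of WOW6432Node).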
Best Practices
When there are multiple environments, such as Test and Production, create a separate App Registration in Microsoft for each environment. Each registration then carries only the redirect URLs and Client Secret its own environment needs: development redirect URLs are not exposed on the production app, and a Client Secret leaked from a test system cannot be used against production.